I haven’t been tagged with identity theft (knock on wood), and I feel bad for the folks that do have to go through it. I’m sure it is taxing on your family AND your finances, but there are a few good things you can look for in the internet age of identity theft…
I actually had a job a few years back managing the Spam Blocking Systems of my company. We’d have complex algorithms and rules, quarantines, and IP filtering to name a few, that would try to catch these before they got into the email system.
This is one of the main ways viruses used to get into corporate mail systems and take down critical apps for hours and sometimes days, costing the company a lot of coin. That could have been avoided by educating the users on a few simple signs to watch for in anything that looks “peculiar”.
The first rule that you should ALWAYS follow is NEVER open an attachment or click a link from an unsolicited email address. 99% of the time this will save you from running into trouble.
Spammers are on to those tricks these days, though, so they try to spoof a valid email address to get you to open their script or attachment, oftentimes in search of your personal information.
SPOOF – To falsify one’s identity or the identity of a computer. For example, an intruder may spoof the IP address of the computer from which he is launching an attack in order to cover his tracks or to make it appear that another, innocent party is responsible.
I got this one in my mail this morning and immediately knew it was a fake. Yes, I use PayPal all the time, and love the service, but there were some fishy tactics in it.
1. Notice the “from” email address. It is from firstname.lastname@example.org. If PayPal were indeed going to send me an email asking for my information, I’m sure they would send it from their own domain of PayPal.com. I would generally stop right here and delete the message because I’d know it wasn’t real, but for the sake of education I will go on.
2. I understand the point of sending email to “undisclosed recipients” if it is a bulk email. But this is something personal that needs to be addressed personally, and most places have systems that send out email in bulk yet can still address each person individually. Another sign to watch for, not present in this one, is several people named “Hank” in the “TO” address. That’s another common sign.
3. Look at #3 and #5 together. When I mouse over #3, it claims to be going to the PayPal.com/us homepage, but contrary to popular belief it isn’t.
Look at #5 when you hover over a link. This is another type of spoofing, and the real destination can actually be hidden as well, but again, this email didn’t bother to spoof that piece.
This is a HUGE red flag to look for as well. If it is not going where it says it is going, leave, fast.
4. Again, #4 is the same thing as #3, a link that is “spoofed”. Hover over the link and look at #5: same thing, sending you to another site that ISN’T where you want to be going.
5. This is the actual spoof site. If you want to dig into it deeper, consider typing the name of the site in a search bar, but without the .com at the end of it. Conveniently in this example, you’ll see this is a “phishing” site.
PHISHING – an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging.
6. The one site that you’d WANT to actually find out about is the privacy information from PayPal, and it isn’t hyperlinked conveniently. This should be the final piece of info you need to know to turn and run!
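For anyone who would rather have a script do the first few checks, here is an added example (not from the original email or from any real filter) that looks for items 1, 2 and 3/4 in a message: a “from” domain that isn’t the brand’s, “undisclosed recipients”, and links whose visible text names a different site than the one they really go to. The sample message, the `login.example.net` host, the flag names and the `brand_domain` parameter are all made up for illustration, and it assumes a single-part HTML email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the email from the post), single-part HTML body.
SAMPLE = """\
From: "PayPal" <firstname.lastname@example.org>
To: undisclosed-recipients:;

<p>Log in at <a href="http://login.example.net/us">https://www.paypal.com/us</a></p>
"""

def host_of(text):
    """Hostname (lowercase, leading 'www.' dropped) of a URL-like string, else ''."""
    if "." not in text or " " in text:
        return ""  # plain words such as "Privacy" are not treated as a URL
    host = urlsplit(text if "//" in text else "//" + text).hostname or ""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href.strip()))
            self._href = None

def red_flags(raw, brand_domain):
    msg, flags = message_from_string(raw), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_host != brand_domain and not sender_host.endswith("." + brand_domain):
        flags.append("from-domain")                # item 1: not the brand's domain
    if "undisclosed" in msg.get("To", "").lower():
        flags.append("undisclosed-recipients")     # item 2: not addressed to you
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        shown, real = host_of(text), host_of(href)
        if shown and real and shown != real:       # items 3/4: text says one site,
            flags.append("link-mismatch:" + real)  # link goes to another
    return flags
```

Calling `red_flags(SAMPLE, "paypal.com")` trips all three checks on the sample above. An empty list only means these particular signs weren’t found, not that the message is safe.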
I’ve been in the world for a while so I know how to spot these things and it takes some time to get them figured out; it took me some time. But it really is critical to watch out for because it could be the killer of your credit, your bank account, and your livelihood in general. In the age of the internet, spoofers and phishers are getting more and more creative in trying to get at your account information and you’ll be ahead of the curve if you know their tactics.