I’ve been receiving plenty of spoof email lately, and I wonder how successful these scamsters are at convincing people to hand over sensitive account information. I’m afraid that anyone who is unaware of phishing scams could become easy prey to spoof email.
Spoof email is email that you receive from someone who is usually pretending to represent a particular company, such as eBay, PayPal, Citibank, and so on. The email message typically warns that you have an urgent problem with your account that you must correct immediately or you will lose access to your account. For your convenience, the message typically contains a link you can click to go directly to the website where you can log in and make corrections to your account.
The trouble is, the link takes you to a website that looks like the official company’s website but is really an imposter trying to collect your account information. This is also known as phishing – as in the person is “fishing” for sensitive data, such as…
- Login name and password
- PIN
- Social Security Number
- Account number
- ATM/Debit or Credit Card number
- CCV (Credit Card Validation) code
Once the scamster has this information, he or she can login to your account, obtain additional information, and use your account to steal your identity and commit other crimes.
What to do
Whenever you receive a message from a company requesting that you go to a particular website to correct account information, you should be suspicious. Take the following actions:
- If the message contains a link, rest the mouse pointer on the link and look in the status bar at the bottom of the window in which the message is displayed. The status bar will usually reveal the real address of the website or page that the link will take you to. (This is usually different from the address displayed in the message and does not match the address of the legitimate company’s website, as shown below.)
- Never click the link in one of these messages, even if the message appears to be legitimate. You’re better off opening your Web browser and typing in the official website address yourself, such as www.paypal.com
- Report the incident to the company being spoofed. Most legitimate companies that are “spoofed” like to know when someone is trying to steal their customer’s information. Visit the company’s official website and look for a “Security” link or something similar (usually at the top or bottom of the page), which you can click to obtain information about what to do. The company will usually ask that you forward the spoof email to them. If you get a spoof email pretending to be from Citibank, PayPal, or eBay, for example, you can forward the message to one of the following email addresses:
emailspoof@citibank.com
spoof@paypal.com
spoof@ebay.com - Report the incident to the Federal Trade Commission by forwarding a copy of the message to:
spam@uce.gov
If you happen to visit a spoof website by mistake and enter any information on that site, contact the legitimate company immediately and ask how to proceed. You may need to cancel your account and open a new account. This could be very inconvenient, but it’s far better than having a criminal running around with access to your account information.
