 |
A sample email message I recently received:
“Your Authorize online service has expired. If your intention is to remain a Authorize customer please begin the activation sequence as soon as possible. Failure to update your information will lead to the permanently suspension of your account. Click here to Log-in to your account and update your information.”
|
by Simone Bouyer
This is an example of Phishing, the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity. Trust your instincts. If an e-mail message looks suspicious, it probably is.
This was an easy one to ignore since I don’t have an authorize.net account. However, I have received similar messages from Facebook, PayPal, and American Express. Although these messages appear to come from legitimate businesses, they are fakes. Most contain misspelled words, so look for those first.
A second BIG clue is that no legitimate business is ever going to
send you an email message asking you to update your contact information
by clicking a link. They will send you all types of other messages,
welcome to your new account, links to FAQ, etc., but most will never
request account information via an email message.
If you do click the link, pay attention to the web address that
shows in the status window. The above link led to
authorize.pttwebservices.com, which is not the same as authorize.net.
This is a hacker at work. The links that you are urged to click may
contain all or part of a real company’s name, but the link is actually
taking you to a phony web site.
About Domain Names
Anyone can purchase a domain name and web hosting for that name.
Hackers can create a subdirectory on their website using a legitimate
name. They may create sears.myaccounts.com, or paypal.commercial.com.
The dot in the middle of the name indicates that you are accessing a
subdirectory on the server. The actual domain name ends in .com, or
.net. or .org. A legitimate business may use subdirectories, but their
main domain name will be paypal.com, or sears.com.
Thus,
messages from accounts.sears.com are legitimate, while messages from
sears.accountcentral.com could be fake. Also look for misspellings in
domain names — micosoft.com is not the same as microsoft.com.
A friend’s Yahoo account was recently hacked in just this way.
She responded to an email requesting that she click a link to update
her account information. When she did this she was presented with a
page that looked exactly like Yahoo’s log-in page. Once she logged in
on the fake site the hacker had everything he needed. The hacker
changed her password, locking her out of her account. The hacker then
sent a message to all of the contacts in her address book. The message
stated that Tina, my friend, was traveling abroad when her purse was
stolen, and that she desperately needed me to send her money so she
could return home. Many of us who received this message thought it was
a bit suspicious and replied with questions that only Tina would know
the answer to. Others thought the message was a serious request for
help.
Social networking sites have recently become a target for
phishing. Once in, a hacker has access to all types of personal
information about you. Facebook users and Myspace users are prime
targets. Always be suspicious of any official looking messages. The
best thing to do is to never click a link in an email message. Instead
access your online accounts the way you normally do, via a bookmark on
your browser. That way you can see for yourself if your account
information needs updating.
Some messages urge you to act immediately by saying that an
account will be closed in 48 hours if you don’t take action. Don’t do
it. Call your bank or financial institution. They wouldn’t send you an
email message if it was that urgent.
Other Online Scams
You did not win the lottery held in Great Britain. You are not the
new trustee for 1 million dollars from a Uganda prince in exile. There
is not a group of 20 German tourists who need to make reservations at
your bed and breakfast. Likewise, no one in Brazil wants to purchase
hundreds of the things you have for sale on your website. All they want
is your bank account information, and once they have that you are done
for.
If you think you’re the victim of phishing, report the incident.
Contact your credit card company if you have given out your credit card
information. Reporting that your account may be compromised and closing
the account should be your first step. Send the entire fraudulent
message to the company that’s been misrepresented. Remember to contact
the organization directly, not through the e-mail message you received.
You can also report the phishing scam to the Anti-Phishing
Working Group at
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
and to the FTC at
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
Please be suspicious of all email messages, even if it looks like it came from someone you know.
|
