You receive an email in your Inbox which appears to have been sent by your bank or an enterprise with which you frequently do business. It may include the company’s name, logo and even wording from the company’s website. It also includes an urgent message explaining why you need to log in immediately and verify your account information.
Don’t believe it.
This email as described is a textbook example of email fraud, otherwise known as phishing. The email is a fraud, meant to lure you to a website that does not belong to that business at all. Cyber thieves use these emails as vehicles to obtain confidential information about you. This information can include anything that can be used to identify you, including your user name, password, debit and credit card numbers and bank account number.
If you fall for this scam and submit your login name and password to this fake website, you have given cyber thieves everything they will need to use your login information and make transactions on your account. But if you know beforehand how to identify a phishing email, you won’t fall for the scam and your money will stay with you. Cyber thieves are not capable of obtaining your identifying information through a phishing email unless you give it to them.
Telltale signs of email fraud include the following:
- Requests for personal information. Fraudulent emails will often begin with a generic greeting and a claim that your personal information has been compromised, your bank account has been frozen, or a request to confirm the authenticity of a transaction. They will ask you to visit a website to “update” or “verify” your information. Be wary of any email that ever asks you to provide personal information, no matter what reason is given.
- Upsetting or exciting claims. To increase response, many fraudulent emails will contain sensationalized statements. This is done to entice an immediate reaction, which will often lead to a response with the desired information before the victim has had time to research the claims made in the email. Before responding to any email requesting sensitive information, be certain to thoroughly research its authenticity by contacting the company separately and directly.
- Appearances of legitimacy. While some emails are very easily identified as being fakes, others may appear to be from a legitimate address and trusted online business. Professional cyber thieves are very good at designing emails to look as close to being authentic as possible. Never rely on the name or address in the “From” field, as this information can be easily altered.
- Prizes or gift certificate offers. Many fake emails will contain promises of prizes or gift certificates as payment for filling out a survey or answering a few simple questions. In order to collect the offered prize, you will be asked to provide personal information. Be absolutely certain to confirm that the prize or gift certificate is being offered by a known and trusted place of business.