
For years, fraud experts have warned consumers about phishing attempts that try to steal money and identifying information. As people have become more aware of the threat, scammers have had to up the stakes in order to trick users into downloading malicious content to their computers or handing over their sensitive information.

One common approach is the “there’s something wrong with your account” email. These messages appear to come from a well-known company. The message might claim your account has been suspended due to strange activity, an order you placed (or possibly didn’t place) is not shipping due to a problem with your credit card, or any other plausible scenario. The goal is to get you to click the link and submit personal information, such as login credentials, passwords or credit card info.

So how is a company supposed to inform you when there really is an issue with your account? A good example may be the one below:

The email informed the recipient of the need to take action on their account by exiting the message and logging in to the account themselves. Rather than the common ploy of having the victim click a button that supposedly redirects to their account, this message plays it safe: Leave this email, go to your account, log in for yourself, and make sure your information is accurate.

Also, further below, there is a support number to call for help. That can be indicative of a scam, though, so beware; numerous scams have included phone numbers to call that simply redirect to the scammers, so anyone receiving this email should verify the phone number before calling. However, the information the recipient needs is laid out quite clearly in the email, and hopefully, no further support is even required.

At first glance, this email could look and sound just like any other phishing email, but the difference is in the action the recipient is to take. Instead of falling into a potential trap, the reader is only told to do the very same activity they would do if they had not received the message, namely, log in to their account and make sure their profile is up-to-date.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

If you’ve used the internet for any amount of time, there’s a good chance you’ve received plenty of phishing emails. Nigerian prince emails, foreign lottery winner emails and even “if you don’t pay the ransom, you’ll never see your son again” emails, all of which are designed to get you to hand over your identifying information, your money or both.

But now that phishing emails are so widely recognized for the scams they are, savvy thieves have a new trick up their sleeves: phishing websites. How do these work? They masquerade as the real deal, tricking you into entering your credit card info, downloading harmful software, filling out the registration form with your sensitive data or some other similar tactic.

Try this example: You head over to Amaz0n.com or PayPaI (notice the zero instead of an O and a capital letter I instead of a lowercase l) and enter all of your information, update your payment information or bank account, verify your account identity or go through some other mechanism for stealing from you. You never knew you weren’t on the correct site and the scammers stole everything.

“But I’m never going to type A M A Z (zero) N,” you might be thinking, and you’re probably correct. The hackers know that too, so that’s not how they target you. Instead, they get you to click a link in an email, a social media post or ad, a text message, or some other form of communication. You see what you think is an email from Amazon, either offering you some incredible deal or telling you there’s a problem with your recent order, and you click the link provided in the very professional-looking message. The link redirects to a fake website, however, and the email domain name and the web address look close enough to the real thing to fool anyone who isn’t paying attention.

Fortunately, avoiding fake websites is almost as easy as ignoring those pleas for help from deposed Nigerian royalty.

  1. Develop the habit of NEVER verifying your identity or account information to someone who contacts you. Whether it’s by phone, email or a website, do not click or enter any personal data or payment details if you didn’t type in the web address yourself. If you think there could actually be a problem due to a message you received, get out of that message altogether and go to the website yourself, typing in the web address (you know, to avoid typing a zero instead of a letter O!).
  2. Check the website designation before doing anything. Even if you’re shopping on your favorite retail site or uploading photos to your favorite social media platform, give a quick glance at the top of the screen. Secure sites will have an HTTPS designation before the “Amazon.com” instead of HTTP. If the S is missing, your data should be missing, too!
  3. Check with the entity directly. Most major websites have had copycats steal their logos and try to convince unsuspecting users to click over to the fake site. Amazon and PayPal are just two common ones, but iTunes, Facebook, Citibank and other major financial providers, and other highly visible names also have similar fake sites.
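The look-alike substitutions described above (Amaz0n, PayPaI) can be caught mechanically before a link is followed. The following Python check is an added example, not part of the original article; the `KNOWN_DOMAINS` allowlist and the `CONFUSABLES` character map are constructed for illustration and would need to be extended for real use.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the two brands the article uses as examples.
KNOWN_DOMAINS = {"amazon.com", "paypal.com"}

# Constructed map of look-alike characters, applied to the lowercased host.
# "0" -> "o" and "i" -> "l" are the article's two substitutions.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})


def skeleton(host):
    """Collapse characters that are easily mistaken for one another."""
    return host.lower().rstrip(".").translate(CONFUSABLES).replace("rn", "m")


def classify_link(url):
    """Classify a link as known, known-no-https, lookalike:<domain> or unknown."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit lowercases the hostname

    # Exact match or a subdomain of a known domain.
    for real in sorted(KNOWN_DOMAINS):
        if host == real or host.endswith("." + real):
            # HTTPS is only checked here: a look-alike site can serve
            # HTTPS too, so the scheme says nothing about an unknown host.
            return "known" if parts.scheme == "https" else "known-no-https"

    # Not a known host, yet it collapses to (or embeds) a known name.
    for real in sorted(KNOWN_DOMAINS):
        if skeleton(real) in skeleton(host):
            return "lookalike:" + real
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message body.
    for link in ("https://www.amazon.com/orders",
                 "https://Amaz0n.com/order-problem",
                 "https://www.PayPaI.com/verify",
                 "http://amazon.com/orders"):
        print(link, "->", classify_link(link))
```

The substring comparison deliberately also flags hosts that merely embed a known name, such as a known domain used as a subdomain prefix of an unrelated site.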
