NASHVILLE, TN – “You have notifications pending.” So states the email purportedly from Facebook, alerting you to missed updates related to your Facebook account. It features, under the familiar logo with “Facebook” spelled out in white letters in a blue bar, two boxes for you to click if you wish to go to either your Facebook homepage or to all of your account’s notifications.
But, the boxes are links to a site not affiliated with Facebook, and clicking on either box could expose your computer to an attack aimed at stealing your information. And, upon closer inspection, you see that – though the sender is listed as “Facebook” – the sender’s email address apparently has no relation to the social networking site.
Another common email features this request: “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
Don’t click the links. Don’t trust the emails. Fraudulent emails such as these are involved in “phishing” – when Internet swindlers send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security numbers, passwords or other sensitive data) from unsuspecting victims.
“Understand that fraudsters will use whatever means at their disposal to dupe an unsuspecting person into surrendering their personal information,” Commerce and Insurance Consumer Affairs Director Gary Cordell says.
“We even have seen emails claiming to be from the New York Division of Unemployment Assistance stating that the recipient of the email is required to supply information related to a former employee after clicking on a link. We contacted the agency and got confirmation that it was a phishing email,” Cordell says.
Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. But it isn’t. It’s a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
Consumer Affairs offers these tips to help you avoid getting hooked by a phishing scam:
- Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your web browser – phishers can make links look like they go one place when they actually send you to a different site (hovering your mouse pointer over the link can help you uncover the real address).
- If you need to reach an organization you do business with, call the number of your financial institution on the back of your card – not the number listed on an email. And, you always have the option of visiting the business in person.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
- Don’t email personal or financial information.
- Be cautious about opening any attachment or downloading any files from emails that you receive, regardless of who sent them.
- Forward phishing emails to email@example.com – and to the company (in the Facebook example, the address would be firstname.lastname@example.org), bank or organization impersonated in the email.
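For readers who filter mail programmatically, the two tells described above (a sender name that does not match its address, and a link whose visible text does not match its real destination) can be checked automatically. This Python sketch is an added example, not part of the original release; the `BRAND_DOMAINS` allow-list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: allow-list of domains each brand really uses; maintain your own.
BRAND_DOMAINS = {"facebook": ("facebook.com", "facebookmail.com")}
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

def under(host, domains):
    """True if host equals, or is a subdomain of, any domain in domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(from_header, html_body):
    """Return (kind, detail) findings for the two tells described above."""
    findings = []
    display, addr = parseaddr(from_header)
    sender = addr.rpartition("@")[2].lower()
    allowed = [d for b, ds in BRAND_DOMAINS.items() if b in display.lower() for d in ds]
    if allowed and not under(sender, allowed):
        findings.append(("sender", f"{display!r} sent from {sender}"))
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()  # what hovering would reveal
        shown = DOMAIN_IN_TEXT.search(text.lower())     # domain the link text displays
        if shown and host and not under(host, [shown.group(1)]):
            findings.append(("link-text", f"shows {shown.group(1)}, goes to {host}"))
        elif host and allowed and not under(host, allowed):
            findings.append(("link-brand", f"{display!r} mail links to {host}"))
    return findings

# Constructed sample modelled on the email described above (not a real message).
SAMPLE_FROM = '"Facebook" <notify@mail.example.net>'
SAMPLE_HTML = '<a href="http://login.example.org/home">Go to Facebook</a><a href="http://login.example.org/n">www.facebook.com/notifications</a>'
```

A clean result does not prove a message is genuine; the checks only surface the mismatches a careful reader would find by hovering over each link and reading the full sender address.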
The Federal Trade Commission has an e-card that you can forward to your friends to warn them about phishing scams. The link is www.ftc.gov/phishing.
Consumer Affairs (www.tn.gov/consumer) is a division of the Department of Commerce and Insurance, which works to protect consumers while ensuring fair competition for industries and professionals who do business in Tennessee. www.tn.gov/commerce/, @TNCommerceInsur (Twitter), http://on.fb.me/uFQwUZ (Facebook), http://bit.ly/ry1GyX (YouTube)