November 01, 2006
Attorney General Baker Warns Georgians To Avoid Phishing And Email Scams As Holidays Approach
It is a fact of life that emails have become an essential method of communication for the vast majority of Georgians, and a significant number of Georgians do some or all of their banking business online. As the financial traffic on the internet has increased, fraud artists have been attracted to the riches that this online traffic has offered. What started out a couple of years ago as basic as a solicitation from the Fifth Third Bank of the Internet has morphed into emails that appear to be from your actual banking institution, complete with a hyperlink at the bottom of the message that appears to direct you to your bank or credit union's website. In order to protect yourself, there are a few basic rules of thumb to follow when doing business online or even communicating with others via email.
Basic email advice
Never send personally identifying information (for example, your social security number, date of birth, or driver’s license number) or financial information (such as bank account number, bank routing code, or credit card account number) via email. Information that travels over the Internet, such as email, is not fully protected from being intercepted and read by outside parties. Even emailing something that to your neighbor next door or your parents across town can allow the financial information that you include without a second thought to be read by hackers in Asia or Europe who can then use that information to access your accounts or create new credit accounts in your name. Most reputable bank, credit card, or merchant sites use encryption technologies that will protect your private data from being accessed by others as you conduct an online transaction.
Phishing
The most common email fraud scam, phishing emails appear to be from businesses alerting you to customer account problems and requesting that you verify financial or personal information. Phishing attempts to trick consumers into revealing personal information such as their credit or debit account numbers, checking account information, Social Security numbers, or banking account passwords, through fake Web sites or in a reply email.
Consumers who visit these sites will often notice no difference between the spoofed, or fake, site and the legitimate site; programmers often go to great lengths to make the site appear as legitimate as possible because if they succeed in obtaining a person’s information, it can mean thousands of dollars in criminal proceeds. Phishing emails, and the Web sites they link to, typically use familiar logos and familiar graphics to deceive consumers into thinking the sender or Web site owner is a government agency, such as the IRS or the FBI, or a company they know, such as a national bank or credit card issuer. Sometimes the phisher urges intended victims to “confirm” account information that has been “stolen” or “lost.”
Look for these red flags if the email: • Does not address you by name or does not reference a partial account number or some other method of verifying that this company actually does business with you • Asks you to provide personal information such as your bank account number, an account password, credit card number, PIN number, mother’s maiden name, or Social Security number • Warns that you have been a victim of fraud or that your account will be shut down unless you reconfirm your financial information • Contains spelling or grammatical errors
If you receive an email that appears to be from your bank or credit card issuer requesting financial information or any other personal data: • Do NOT reply to the email or respond by clicking on a link within the email message, even if that link appears to be to a legitimate site. • Do NOT send personal information (e.g., credit or debit card number, Social Security number, or PIN) in response to an email request from anyone or any entity. • DO contact the actual business that allegedly sent the email to verify if it is genuine. Call a phone number or visit a Web site that you know to be legitimate, such as those provided on your monthly statements.
Trojan Horse virus
What’s a Trojan Horse virus? A Trojan Horse is an email virus usually released by an email attachment. It is often disguised as a file that appears helpful (for example it may appear as a Zip file, a Microsoft Office file, or an anti-spyware program), but it can do great damage to your computer or your financial integrity if opened. If the user opens the file, often times it will scour your hard drive for any personal and financial information such as your social security, bank account, and PIN numbers. The information is then sent to a thief’s database.
What you can do: Beware of emails from addresses or persons that you are not familiar with, especially if they contain attachments. Delete the email right away. Do not “unsubscribe.” This will tell the culprit that your email address is active. Even good friends may have unknowingly sent a virus or Trojan horse via an email attachment if their computer becomes infected.
Spyware
What's Spyware? Spyware is software that consumers unknowingly install, sometimes packaged with other software, that can track online usage and personal information. You should look for these clues to determine if your computer has spyware: • A sudden increase in pop-up ads • A browser that takes you to sites other than those you type into the address box • Sudden or repeated changes in your computer’s home page • The appearance of new or unexpected toolbars or icons • Keys that suddenly don’t work • Sluggish or slow performance when opening programs or saving files
What you can do to minimize your risk from spyware • Make sure you have the most current operating software for your system and Web browser. • Free software is great, but make sure you obtain it only from sites you know and trust, especially since many free applications bundle other software that may include spyware. • Clicking on links within pop-ups can install software on your computer. Many browsers now have user options that eliminate pop-ups; check your software’s help menu. • Some links in email spam that claim to be anti-spyware programs actually install spyware on your system. • Your best line of protection, a personal firewall (part of many anti-virus programs) will stop uninvited users from accessing your computer.
Think you have spyware? Get anti-spyware software from a vendor you know and trust. Scan your computer with it at least once per week and delete any programs that the anti-spyware program detects as spyware.