The old adage
that you can't believe everything you read holds especially true when it comes to e-mail. From Viagra spam to viruses sent by acquaintances, you can't take every piece of e-mail you receive at face value.
The latest case in point: I recently received an e-mail message that appeared to be from eBay, the online auction house. The message informed me that the company was updating its customer database and that it had been a long time since I had visited them. Could I please update some of the personal information attached to my account? Soon after that, I got a similar solicitation from PayPal.
Small problem: I've never used eBay or PayPal.
Something's phishy here
Curious, I checked out the eBay link and was taken to a site with the familiar eBay colors and graphics. It was convincing for a moment. Then I noticed that the URL was in no way related to the eBay domain. Also, the information requested on the site--Social Security number, mother's maiden name, driver's license number--was stuff no sensible person would divulge online without asking a lot of questions first. I knew then that I was the victim of a "phishing" expedition.
The message informed me that the company was updating its customer database.
The term phishing
is relatively new but is becoming widely known thanks to several recent scams
involving America Online, eBay, PayPal, Amazon, and others. Phishers
send out e-mail like the messages I received, hoping to fool regular users of these services into divulging personal details. Those details can then be used to perpetrate identity theft. Unfortunately, people fall for the scam, so we keep seeing these messages.
Even if you don't supply the information, simply loading the phony Web form can be dangerous. These sites may surreptitiously download spyware and adware onto your computer. Or worse, the page may contain malicious scripts that could damage your system.
, the e-mail virus that hopes to lure you into clicking its attached file, phishing scams prey on us through the ease of e-mail. But just as we've learned not to open files attached to unsolicited e-mail, we should now avoid following links embedded within such messages--or at the very least, be extremely cautious about it.
If in doubt, check it out
So, the next time you get e-mail from someone you don't know and it contains an embedded link, let your mouse hover over the link before you click it. If the link text reads www.legitcompany.com,
but you see www.fraudcompany.com
on the status line, you'll know not to click.
Malicious users can spoof addresses so that the URL on the status line looks legit.
Unfortunately, it's not always so cut-and-dried. Malicious users can spoof addresses so that the URL on the status line looks legit yet really points somewhere else entirely. If you do click such links, hit the Back or Home button on your browser immediately. You may be able to prevent something from being transferred to your PC.
All this isn't to say we should abandon e-mail. Not at all; it's just that we need to be more suspicious of our e-mail, instant messages, and pop-up solicitations. The Internet has passed through its age of innocence and moved on to horseplay and malicious pranks. Can maturity be very far ahead?
Have you ever received an e-mail solicitation asking you for personal information? Tell me about it--TalkBack to me!
Note to TalkBack users: We upgraded TalkBack last Friday. This means you will need to register in the new system, if you haven't already. The TalkBack username and password you used before Friday will not work anymore. We apologize for the inconvenience.