The latest ploy to steal your credit card number and personal information is so believable that many are falling for it. Con artists are using the telephone in an attempt to trick you to act on an e-mail that looks like it was sent from PayPal, eBay's online payment service.
The-mail uses the same slick come-on as many nefarious attempts to steal your personal information, warning you there was a problem with your PayPal account. But there is no link to click. Instead, users are asked to call a phone number where an automated answering machine asks for account information, mimicking the legitimate ways that customers interact with financial institutions, reports The Associated Press.
Security experts call this new scam "vishing" -- short for "voice phishing."
Sometimes vishing begins with a phone call, not an e-mail. And these calls are quite believable, because the caller already knows your credit card number. All you are asked to provide is the three-digit security code found on the back of the card. "It is becoming more difficult to distinguish phishing attempts from actual attempts to contact customers," Ron O'Brien, a security analyst with Sophos PLC, told the AP.
Here is the valuable lesson: "If you get a telephone call where someone is asking you to provide or confirm any of your personal information, immediately hang up and call your financial institution with the number on the back of the card," Paul Henry, a vice president with Secure Computing Corp. told AP. "If it was a real issue, they can address the issue."
Words of advice:
• Never give anyone your credit card number or the three-digit security code on the back of the card unless you initiate the call. And if you're calling in response to an e-mail, that doesn't count as initiating the call!
• Never click on links in e-mails unless you know the sender and are sure the link is legitimate.
• Never give your personal information to a stranger online or over the telephone.
Spam is annoying, but phishing is dangerous. E-mail phishing scams have one purpose: theft.
What is a phishing scam? It's an e-mail sent to you and hundreds of thousands of others with a message that tries to trick you into revealing sensitive personal information, such as passwords, banking information, your Social Security number, your mother's maiden name, your date of birth and more. The attack is waged against you in an attempt to hijack your assets, steal your identity or even open credit card accounts in your name.
The plea in the e-mail may try to warn you of danger, offer you something for free or entice you with sexy or nude photos or videos of famous people. As phishers become smarter, they are creating more believable scenarios. No matter the ploy, they all have one thing in common: They want you to click on a link or download a file. Don't do it!
Savvy users learn how to spot the e-mail messages sent by phishers and scammers. While some of them are tough to weed out, almost all of them will contain one or more clues that it's a scam. You just have to know what to look for.
Top 5 clues for spotting an e-mail scam:
Clue No. 1: Check the spelling
Scammers are notorious for their lack of basic spelling and grammar skills. Look for misspelled words and incomplete or awkwardly written sentences. It's not uncommon for a scam e-mail that is purportedly from a reputable and well known organization to misspell the name of that organization! For example, one e-mail scam aimed at Facebook users spelled the name of the site in lowercase ("facebook").
Clue No. 2: Who signed it?
If it's a legitimate e-mail from a business, it will be signed with a person's name and contact information, but if it signs off with something vague, such as "Customer Support," be wary.
Clue No. 3: DOES THE E-MAIL SCREAM AT YOU IN ALL CAPS?
Be especially aware of e-mails that try to get your attention by using all capital letters, especially in the subject line. Using all caps has long been viewed as online shouting. It just isn't done. The authors of scam e-mails tend to write prose that is over-the-top and very emotional. In addition to a lot of capital letters, look for an excess of exclamation points and dire warnings, such as "Urgent!" or "Danger!"
Clue No. 4: The e-mail has an executable attachment
Phishers can only scam you if you let them. And you do just that if you download e-mail attachments, which can contain computer viruses. Since a favorite way to send a scam e-mail is by making it look as if it were sent to you by someone in your e-mail address book, don't be fooled by the sender's name. Never download an attachment unless you are sure it's legitimate.
Clue No. 5: The e-mail has a link to a Web site
As more people have learned they shouldn't download attachments from strangers, scammers have caught on. Instead of attaching a file, they include a clickable link to a Web site. Click on that link, and you might be asked to provide personal information. Do it, and you've been scammed. For example, you might receive an e-mail that appears to be from your bank, offering you a very low interest rate on a mortgage or home equity loan. If you click on the link, it could ask your name, bank account number and online banking password to get onto the site. Don't ever provide this information if you got on the site by clicking a link in an e-mail.
One final word of advice: Never, ever respond to a spam e-mail. By doing so you confirm your e-mail account is active, and you'll likely be inundated with more spam.