Whether it is coming from eBay, PayPal, Amazon.com or your local bank—or just as likely a bank from another part of the country that you may have never heard of—the message is often very much the same. Someone has attempted to access your account and you must respond immediately or else your account will be frozen, suspended or even canceled.
On the surface this e-mail looks convincing, often with official-sounding descriptions of the problem, logos from the company or bank, and a convenient link to help you get things sorted out. The problem is that the link doesn’t take you to the actual site; it takes you to a Web site that has one sole purpose: to get as much information from you as possible.
This is called a phishing scam because the senders are “fishing” for as much personal information as they can get. That “convenient link” takes you to a site that also appears to be the real deal, and here you’re asked to provide all sorts of highly personal information. This should be the first red flag! If anyone is asking you to confirm anything, including username, password or other private data, an alarm should go off inside your head that fraud is taking place.
Instead of replying or clicking on the link, the best thing to do is to forward the e-mail to the abuse department of the Web site that this supposedly came from. Even more important, do not click on any link from the e-mail. If you do nothing else, ignoring and deleting is the right course of action.
Another popular scam is a message from a user on eBay, often claiming to have won an auction that you probably didn’t even run, or a user from PayPal saying that money was sent. In these cases the e-mails may look just like the real ones that you’d get from legitimate users. Again, don’t click on ANY of the links. Instead, open a new browser window and log in directly to the eBay/PayPal Web site. Any legitimate message you received in e-mail will be available on your user pages as well.
These targeted attacks can be very dangerous because they seem so personal. The best way to protect yourself is by increased awareness that such threats do exist and that you should apply a healthy dose of skepticism to every piece of e-mail received. One thing to be aware of is that most sites will also never contact you with the greeting, “Dear user,” or even simply call you “customer.” When you get any correspondence through e-mail with the opening, “Dear PayPal User,” you can be 100 percent certain that it is not legitimate. But that doesn’t mean that if they do call you by name or your account ID that it is legit either. Phishers are getting more savvy and creating greetings that closely match the e-mail address.
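The warning signs described above (a generic greeting, a threat to the account, a request to confirm credentials, and a link that leaves the real site) can be checked mechanically. The following is an added example, not part of the original article; the regular expressions, function names and both sample messages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording the article warns about (patterns are illustrative assumptions).
GENERIC_GREETING = re.compile(r"^\s*dear\s+(\w+\s+)?(user|customer|member)\b", re.I | re.M)
ACCOUNT_THREAT = re.compile(r"\b(frozen|suspended|cancel+ed)\b", re.I)
CREDENTIAL_REQUEST = re.compile(r"\b(confirm|verify)\b.{0,60}\b(username|password)\b", re.I | re.S)

class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_flags(html_body, claimed_domain):
    """Return the red flags found; an empty list does NOT prove the mail is genuine."""
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for the wording checks
    flags = []
    if GENERIC_GREETING.search(text):
        flags.append("generic_greeting")
    if ACCOUNT_THREAT.search(text):
        flags.append("account_threat")
    if CREDENTIAL_REQUEST.search(text):
        flags.append("credential_request")
    collector = HrefCollector()
    collector.feed(html_body)
    for href in collector.hrefs:
        url = urlparse(href)
        if url.scheme in ("http", "https") and not on_domain(url.hostname, claimed_domain):
            flags.append("link_off_domain:" + (url.hostname or ""))
    return flags

# Constructed sample messages (not real mail); .example is a reserved test TLD.
PHISH = """<p>Dear PayPal User,</p>
<p>Someone has attempted to access your account. Confirm your password
now or your account will be suspended.</p>
<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/</a>"""
GENUINE = '<p>Hello Pat Example,</p><a href="https://www.paypal.com/activity">View activity</a>'

if __name__ == "__main__":
    print(phishing_flags(PHISH, "paypal.com"))
    print(phishing_flags(GENUINE, "paypal.com"))
```

Note that the link in the first sample displays the real address while its target host only begins with `paypal.com`, which is why the check compares the end of the hostname rather than searching for the brand name anywhere in the URL.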
Again, when opening your e-mail be skeptical and never click through a link. No bank or service is going to really limit your access if you don’t respond. And credit card companies are more likely to call you if there is a problem. Lastly, no matter what you do, never give out any personal information. You don’t want to become that big catch for the phishers.