Casting a Line
Whether it is coming from eBay, PayPal, Amazon.com or your local bank – or just as likely a bank from another part of the country that you may have never heard of – the message is the same. Someone has attempted to access your account, and you must respond immediately or else your account will be frozen, suspended or even canceled. On the surface this e-mail looks convincing, often with official-sounding descriptions of the problem, logos from the company or bank, and a convenient link to help you get things sorted out. The problem is that the link doesn’t take you to the actual site; it takes you to a Web site that has one sole purpose: to get as much information from you as possible.
This is called a phishing scam, because the senders are “fishing” for as much personal information as they can get. That “convenient link” takes you to a site that also appears to be the real deal, and here you’re asked to provide all sorts of highly personal information. This should be the first red flag! “Is somebody asking me to confirm my account details, including username, password and credit card info?” asks Shane Coursen, senior technical consultant at Kaspersky Lab. “If so, this is the first and most obvious sign that the e-mail is a fraud.”
Instead of replying or clicking on the link, Coursen says the best thing to do is to forward the e-mail to the abuse department of the Web site that this supposedly came from, and more importantly do not click on any link. If you do nothing else, ignoring and deleting is the right course of action. “Another thing I always recommend is setting your e-mail reader to open all e-mail in text only. HTML sites might be more convenient, but the URL links are hidden. In text only mode, I can see if the URL points to the actual site, or if it is taking me to a suspicious or unknown location.”