Thursday, August 31, 2006

Preventing email scams

(Editor's Note: A reader sent us this as a personal warning. While it may not be useful to many of you who are techie-oriented, we recognize that many readers in our audience are unsophisticated hayseeds; therefore, our posting this may prevent some of you from stepping into a financial trap. Thanks to "H," one of our faithful readers in Austin, for sending this to us.)

"An email comes that looks just like it came from paypal.com (or ebay.com
or amazon.com), and it says something like:

- your account needs updating
- your account has been accessed and possibly compromised
- you can get a $20 credit by filling out a short survey

It then has a "hot link" (which means it isn't just a listing of the web
address, it is a CLICKABLE link to the site), something like this:

Just click here www.paypal.com/accounts to update your account.

So here's the TRICK: the hot link doesn't really take you to
www.paypal.com, instead it will take you to www.craiginfo/paypal.com --
and then it shows a totally realistic but bogus login page. Once you log
in, then the scammer has your login information, and can make charges to
your account.

So here's how to deal with it:

1. NEVER CLICK THE HOT LINK -- ALWAYS TYPE THE LINK manually into the
address on your browser, for example above, you should start a new
browser window, and type in www.paypal.com/accounts -- that will ensure
you will go to the REAL paypal site (if there is even an "accounts" area
on the site). If you do click the link (which you should not), you can
just look at the real address in the window to see if it is bogus, but
in any event -- you should get out of the window and start over by
typing in the real address. Note that sometimes the bogus link will
be really close, like www/payppal.com, don't type that -- if you see
that, you know it is bogus, so just delete the email.

2. You can RIGHT CLICK the hot link, and then copy it, and then paste it
somewhere (a new word document, or in the address portion of a browser
window -- but DON'T actually go there) -- it will then show what the
REAL hot link target is, in the example above it will show
www.craiginfo/paypal.com. If you confirm it is bogus, then just delete
the email.

3. Sometimes an "urgent message" will arrive asking you to log in -- but
the message will be sent to an email account of yours that is NOT the
account you have registered with paypal. For example I get lots of these
scam emails to my roadrunner email account -- but I have registered my
yahoo email account with amazon, paypal, ebay, so anything that comes to
my roadrunner email from paypal is definitely bogus.

4. If you do fall prey and fill out the form, and then realize that you
have been scammed, IMMEDIATELY go to the real site (by fully typing in
the correct site address in a new window), log in and change your password.

By the way, the last legitimate email I got from paypal had their
address link listed -- but it was not a hot link (i.e., not clickable)
-- so you had to type it in. I assume they want to distinguish their
emails this way."



Be careful, friends.
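
The comparison in tip 2 of the reader's message (what a link shows versus where it really points) can be automated for an HTML email body. The following is an added example, not part of the original post or the reader's email; the sample body is constructed from the addresses in the message, and the `http://` scheme and the second "help" link are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# URL-like token in visible text: optional scheme, dotted host, optional path.
URL_TEXT = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def host_of(url):
    """Lowercase hostname of a URL-like string ('' if none can be parsed)."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

class AnchorCollector(HTMLParser):
    """Collect (visible_text, href) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def mismatched_links(html):
    """Return (shown_host, target_host) pairs where link text and href disagree."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target = host_of(href)
        for token in URL_TEXT.findall(text):
            shown = host_of(token)
            # Ignore a leading "www." so paypal.com and www.paypal.com match.
            if shown.removeprefix("www.") != target.removeprefix("www."):
                findings.append((shown, target))
    return findings

# Constructed sample body using the addresses from the message above.
SAMPLE = ('<p>Just click here <a href="http://www.craiginfo/paypal.com">'
          'www.paypal.com/accounts</a> to update your account.</p>'
          '<p><a href="https://www.paypal.com/help">paypal.com/help</a></p>')
print(mismatched_links(SAMPLE))
```

A link whose visible text names no address at all (for example "click here") produces no finding, so this check only covers links that display one address while pointing at another.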

1 comment:

Anonymous said...

Thank you, Mr. Jones, on behalf of all the hayseed rubes.

jimmy k., angleton