 Online con artists—just like those in the physical world—continue to develop new and more sophisticated ways to trick you online. The following are just a few phrases to watch for if you think an e-mail message is a phishing scam. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means it is.  Tip: If you believe you might have already provided personal or financial information in response to an e-mail message that looked like one of these examples, read What to do if you've responded to a phishing scam. | • | "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Be suspicious of a message that asks for personal information even if the request looks legitimate. If you receive an e-mail from Microsoft asking you to update your credit card information, do not respond to this phishing scam. To learn more, read Fraudulent e-mail sent to Microsoft customers. | | • | "If you don't respond within 48 hours, your account will be closed." Phishing e-mail might be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might threaten to close or suspend your account or might even say your response is required because your account might have been compromised. | | • | "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name. Although, it is possible that con artists have this information. Most legitimate companies (but not all) should address you by first and last name. | | • | "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click might contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site. Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign. |
 Example of masked URL address Another common technique that con artists use is a Uniform Resource Locator (URL) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as: www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com Microsoft won several lawsuits against individuals who have used these types of URLs to pose as legitimate Microsoft properties. However, the practice remains pervasive, so be aware of this technique. To learn more about how to handle suspicious e-mail, read The dos and don'ts of dealing with suspicious e-mail.
| |
