I was reading my weekly email NL from Vipre, my security software, and thought this advice about the Newest Phishing Scams was important enough to pass on.
(If you visit the home page for Vipre, you'll see they have home and business versions. I've been a Vipre customer for many years. They protect you without the bloatware so many other security softwares inflict upon your computer that slows your speed down to a crawl.)
Phishing, Scams, and Malware: Oh My!
Yes, we all know that thieves lurk all over the Internet, but it's good to be aware of the existing scams and any new schemes cropping up. The newsletter said the new ones specifically target PayPal and Amazon users.
However, these are not new scams. They've been around forever, but it's good to remind you of good security practices.
Scams Target PayPal Customers
A phishing email alerting the receiver that his or her PayPal account has been limited for security reasons is sent to unsuspecting PayPal users. The email contains a link. If you get this email and you click on the link in the email, you may be taken to a site that looks very similar to PayPal, but it's a spoof site. If you continue and submit your PayPal username and password as requested, your PayPal account and whatever bank account may be linked to it will be emptied. Probably faster than you can say phishing scam. Any credit card linked to it will be maxed out as well.
What To Look For
On many of these phishing emails, PayPal may be misspelled. Check any email out thoroughly for mistakes and typos.
If you right click on the email sender's addy, you may notice that the email domain is something besides @ PalPay dot com. Also, remember this, NO website at which you have a registered account will ask you for your login and password information. They already have this!
Scam Targeting Amazon Customers
Again, the hook for unsuspecting customers is an email designed to steal personal information and/or to install malicious software aka malware.
These emails may look as if they are from Amazon, but they're designed to fool you. One might be an order confirmation for something you didn't purchase. It might be an email with an attachment to an order confirmation.
The requests in these various emails could ask for: username, password or other personal information; updated payment information for your Amazon account; or is an email with links to fake websites that look like Amazon but opening the email actually starts a download of software.
Again, these fake phishing emails usually contain a forged email address from an Internet Service Provider and have many typos or grammatical errors.
What To Do
If you get an email about an order, and you know you didn't place that order, don't click anything in the email. Close the email. Open a new tab on your browser, and go to your Amazon account to check. Everything you've ever ordered is shown there.
If you get an email asking for your account information or personal information, do NOT provide it. Amazon already has that information for you.
Never open an attachment purportedly from Amazon because if they were going to send you an attachment, you would know about it because they would have discussed it with you.
In all the years I've been an Amazon customer, I've never received an email with an attachment from them. If I need a shipping label from them to return something, they send an email--after I've already discussed the return with them--directing me to the Amazon page to print a shipping label.
Security Tips
1. Never respond to any unsolicited e-mails like these.
2. Never click a link if you do open an unsolicited email from a business.
3. Never open any attachments on an email unless you know the person and you know they were sending you something. Businesses do not send attachments if they email you unless you have corresponded with them and they told you they would email you something.
4.Never respond to an email or pop-up message asking for personal or financial information. Companies with whom you have a relationship already have your information.
5. If an unsolicited email causes you concern about your account, contact the organization in the email using a telephone number you know to be genuine. Or open a new tab on your browser and go to their Internet address. If you want to alert them to the phishing email, do NOT copy and paste the link from the suspected fake message.
6. It's not a good practice to ever email personal or financial information to anyone because email accounts can be hacked. Email is not considered a secure means of sending confidential information.
7.If you do make an online transaction and need to personal and/or financial information through the company’s website, make sure the URL begins with https: that s in http stands for Secure. You may also see a lock icon on the browser status bar. The S in https and the lock icon mean the transmission is secure and encrypted.
Mea Culpa
I've got to admit that a few times I carelessly clicked a link (in a friend's email that had been hacked which I did not know at the time), and my Vipre Internet Security immediately stopped the website from opening.
A message from Vipre popped on the monitor saying that the website was unsafe. On one such occasion, I contacted Vipre because I thought they were wrong. *LOL* They promptly got back to me and explained that the URL was correct for that website, but that it had been hijacked.
Takeaway Truth
A little paranoia is a darn good thing when it comes the Internet. Be safe and secure.