In the pre-Internet era, con men, also known as confidence men, would gain victims’ confidence through deception in order to defraud them. The same principles are used today, only now with even greater efficiency through online scams.
In addition to the information below, please also be aware of email scams associated with the recent and horrific Boston Marathon attack that took place earlier this week.
One of the most prolific means of online scamming is phishing. When using email, it is difficult to know with certainty with whom you are communicating. Scammers exploit this uncertainty to pose as legitimate businesses, organizations, or individuals and gain the trust of users. If a scammer is able to gain the trust of victims, they can leverage this trust to convince victims to willingly give up information or click on malicious links or attachments.
To gain users’ trust, scammers will make themselves appear to be legitimate businesses or organizations by spoofing the email address, creating a fake website with legitimate logos, and even providing phone numbers to an illegitimate customer service center operated by the scammers.
Two Common Types of Phishing Attacks
- Phishing scams are perhaps one of the best-known forms of email scams. This type of scam involves a scammer pretending to have a fortune that he or she is incapable of accessing without the help of someone trustworthy, which happens to be you! The scammers will try to obtain the user’s financial information using an empty promise of sharing the wealth in exchange for their help.
- Spear-phishing is a targeted and personalized attack in which a specific organization or individual is the target. These attacks use information about the user, along with email addresses that are similar to those of their acquaintances, to entice the user to either divulge sensitive information or download a malicious file. This often requires a lot of information gathering on the targets and has become one of the favored tricks used in cyber espionage.
- Be cautious about all communications you receive including those purported to be from "trusted entities" and be careful when clicking links contained within those messages. If in doubt, do not click.
- Don’t respond to any spam-type e-mails.
- Don’t send your personal information via email.
- Don’t input your information in a pop-up; if you are interested in an offer that you see advertised in a pop-up ad, contact the retailer directly through its homepage, retail outlet or other legitimate contact methods.
- The email has poor spelling or grammar.
- For secure transactions, look for a lock icon in the browser's address bar, next to the URL.
- The use of threats or incredible offers is a common tactic that tries to elicit an emotional response to cloud the user’s judgment.
- The URL does not match that of the legitimate site. Scammers cannot use the same URL associated with the legitimate websites, so they will tweak the address of their spoofed website so that at a quick glance it looks legitimate.
  - The URL may use a different domain name (e.g., .com vs .net).
  - The URL may use variations of the spelling of the actual address.
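
The URL checks in the last three items can be automated when triaging links from reported messages. The following Python code is an added example, not part of the original article; the allow-list domain `example-bank.com`, the function names, the sample links and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration; load your organisation's real domains.
LEGITIMATE = {"example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url, legitimate=LEGITIMATE, max_typos=2):
    """Compare a link's host with known-good domains.

    Returns 'legitimate', 'different-tld', 'spelling-variation', 'other'
    or 'no-host'. Simplification: the registered domain is taken to be the
    last two labels, so suffixes such as co.uk are not handled.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    if any(host == g or host.endswith("." + g) for g in legitimate):
        return "legitimate"
    name, _, tld = ".".join(host.split(".")[-2:]).rpartition(".")
    for good in sorted(legitimate):
        g_name, _, g_tld = good.rpartition(".")
        if name == g_name and tld != g_tld:
            return "different-tld"        # e.g. .com vs .net
        if 0 < edit_distance(name, g_name) <= max_typos:
            return "spelling-variation"   # e.g. a swapped or replaced letter
    return "other"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message body.
    for link in ("https://www.example-bank.com/login",
                 "http://example-bank.net/login",
                 "https://examp1e-bank.com/verify",
                 "https://example-bank.com.account-check.test/"):
        print(f"{classify_url(link):20} {link}")
```

The last sample shows why the comparison is made on the end of the host name: a legitimate name placed at the front of a longer host does not count as a match.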