Warning, warning, danger, danger
There are some extremely devious and tricky emails out there that want to fool you into thinking you need to click on a link in the email to verify a bank account, a credit card number, or maybe to change a credit card expiration date. Such scams are getting much smarter and appear much more realistic than ever before.
I nearly just got fooled by one, purporting to be from eBay asking me to verify credit card info. I’ve gotten similar emails pretending to be from PayPal. This is called “phishing”, and the emails are scams to get credit card numbers.
Here’s how to avoid such scams yet also check to make sure if your account is, in fact, ok.
1) Never ever click on links in any email asking you to update account or credit card information
2) Instead, go to the website in question the way you normally do (via a bookmark or typing the address.), then go to your account information. If something in your account actually needs to be updated, the website will tell you.
For example, I just got a phony email pretending to be from eBay saying to click here to update the expiration date on your credit card number (which in fact does expire next month.) Something about the email didn’t look right, so I logged onto eBay and saw no message from eBay about updating my account. So, I forwarded the email to spoof@ebay.com and within minutes they replied saying thank you, the email was not from eBay, it was a scam.
You might consider using the free SpoofStick, which resides on your browser bar and tells you the actual website you are on, not the address the email is pretending to be. And yes, another variant of phishing puts a phony address in your browser bar address by using a graphics file – however SpoofStick will still display the real address.
From SpoofStick
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places – hoping that some percentage of users won’t notice the incorrect URL and give away important information. This practice is sometimes known as “phishing”.
SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. It’s not a comprehensive solution, but it’s a good start.
Be careful out there.