Today’s column began as an email to my parents to warn them. I’d planned on sending it under the subject line “At least this message you can trust.”
Email scams are as old as email itself. But something’s happened recently: the scammers have reached a sinister new level in the pervasiveness and cleverness of their tactics.
The numbers back it up. According to Consumer Reports, almost 16 million households last year became victims of identity theft, and online skullduggery is how it happens. Do the quick math and cringe. With 115 million households in the U.S., that’s 14 percent of us impacted annually.
I’m not talking about the classics. If all the appeals from that Nigerian exile dying to transfer 1.5 million pounds to my account had been authentic (it’s pounds sterling, not dollars, so it must be true!), I’d own Europe by now. I’ve won lotteries from countries I didn’t know existed, like Ugottabekiddinistan.
I’m talking about phishing, an apt name. More than 9 million Americans fell prey last year. The emails look so familiar, they suck(er) you in. It’s like running into an old friend on the sidewalk, giving a big hug, and then pulling back to stare into the face of a drooling zombie. By then, you’ve picked up cooties.
The most dangerous email scam looks like it’s from your bank urgently asking that you verify your account access information. Why their urgency? Because they’re fighting scammers! After all, Yahoo recently had 400,000 accounts hacked, which is true.
The email includes your bank’s logo, professional masthead, legal disclaimers at the bottom, the works. But it’s fake. Pity those who take the bait and open their door to strangers.
The same types of messages purport to come from Facebook, Twitter and LinkedIn. “Secure your account,” they urge. The links take you to familiar-looking pages where you’re asked to log in as you normally would. Seems a reasonable precaution. But in spite of appearances, you’re not logging into Facebook. You’re entering your personal data into a criminal’s database.
The best look-alike sites dupe victims into entering credit card numbers, mothers’ maiden names, Social Security numbers, bank routing numbers and more, everything needed for the worst kind of identity theft.
How to protect yourself? Before I continue, a disclaimer: I’m no expert, just an observer. At work, I see hundreds of emails daily, among them dozens of scams. I’m stunned at how good the crooks have become at simulating legitimate communications. Anyway, Googling “Federal Trade Commission phishing scams” will get you to expert advice.
Here’s the shorthand version. Unless you’ve specifically requested an email response from an organization, don’t reply to the message, don’t open attachments and don’t click on any links embedded within the message. If you’re careful, you can roll your mouse over an embedded link, without clicking (don’t!), to reveal the true destination URL, the place you’d actually land if you did click. It’s the http://… address that typically appears near the bottom of your email window. That’s the path to the crook’s system.
Better still, never click on a link in any email. If you still want to communicate with the organization, open up your web browser, type in the legitimate URL and pay a visit on your terms, with no fear of zombies.