This blog is about web marketing strategies, but something happened to me yesterday, which rang my internet security alarm, that I feel is very important to share with you. What you are about to read could save you years of frustration, anger and financial woes.
I’ve been online for over twenty years, if you want to include my stint with Prodigy in the late 1980s and early 90s, so I tend to think that most people also have extensive online experience and knowledge, especially younger people, since they’ve grown up with it.
But what happened to me yesterday both shocked me and made me realize how vulnerable and naive many computer users are when it comes to dirty tricks like phishing and scamming, the act of trying to get an email recipient to open a link (within the body of the email) and supply sensitive personal information through extremely deceptive means, such as impersonating a major bank, eBay or PayPal.
I was at the checkout counter of Trader Joe’s, where the checkers are usually quite friendly, but noticed that my checker, a young man, maybe late 20s or early 30s, was absentmindedly ringing my items up and his head was literally hanging down. I asked him something like, why the long face? And this poor guy, he just looked up at me for a moment, exasperation in his eyes, and said, oh, man. I had my identity stolen. All my credit cards. Everything.
I figured he was involved in some elaborate scheme to trick him out of his information. He seemed like he should be Internet savvy. I have no basis for that except a gut feeling. The next thing that occurred made my gut feel completely different. I asked him how it happened. His head was down again and he mumbled something I couldn’t discern, then said, they got me through an email, and that’s when my stomach sank. I slowly said, did you open an attachment? He didn’t hear me, but answered the question with a feeble, and it was from a bank.
I could feel his betrayal. It’s like somebody telling you that Santa Claus doesn’t exist, which he does. Reflexively, I started to say, that was a phishing attempt, but I knew it would be like telling a guy who just had his leg cut off by a train to not lie on the tracks. Too little, too late.
His whole world was ripped apart because of his trust. He trusted that the official-looking email he got from his bank was truly from his bank. After all, it had their official logo and legal jargon and a message saying, somebody has tried to unsuccessfully login to your account, so it was suspended. To reactivate your account click on the link below to update your password.
So the poor guy clicked on the link, which did not take him to his bank but to the phisher-man. It asked the guy to enter all of his information again, including his password, just to update. And the poor, unsuspecting, trusting guy did. Then his life changed. The scammers had everything they needed to enter his life, and they did, aggressively and painfully.
Please, ladies and gentlemen, when you get an official-looking email from PayPal, eBay or a major bank with a request to click on the link, DON’T DO IT!!! In most cases you can hover your cursor over the link in the email (hover with your finger off of the mouse button) and you can see the destination URL in the lower left or right hand corner of your browser.
Often, though, the craftiest of the phishers will put the name of the company somewhere in the link, so at first glance it looks like it came from that company. For example. If you need to log in to any account that contains any sensitive personal information, do it directly. Manually type in www.PayPal.com, then access your account from their log in screen.
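Here is the hover check done in code, as an added example that is not part of the original post: it pulls every link out of an HTML email and compares the real destination hostname with the domains you actually hold accounts with. The `TRUSTED` list, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you really have accounts with.
TRUSTED = {"paypal.com", "ebay.com"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    # Only the END of the hostname decides who owns it.
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    if any(belongs_to(host, d) for d in TRUSTED):
        return "ok"
    brands = [d.split(".")[0] for d in TRUSTED]
    if any(b in href.lower() or b in text.lower() for b in brands):
        return "suspicious"  # company name is shown, but the host is not theirs
    return "unknown"

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample email body (not a real message).
SAMPLE = """<p>To reactivate your account click on the link below.</p>
<a href="http://www.paypal.com.account-update.example/login">www.paypal.com</a>
<a href="http://secure-login.example/paypal/update">Update your password</a>
<a href="https://www.paypal.com/signin">PayPal</a>
<a href="https://news.example.org/">Read more</a>"""

if __name__ == "__main__":
    for href, verdict in scan(SAMPLE):
        print(f"{verdict:10} {href}")
```

The first two links contain the company name but end in a different domain, which is exactly what the status bar reveals when you hover.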
The scammers can easily create an email with all sorts of official-looking images, verbiage and links. If you get an email like this that looks suspicious, most, if not all, major corporations have departments that solely deal with phishing and scamming.
Forward the email to them (in full header view) and they can tell you if it’s a phishing attempt or not. Most companies have email addresses like: email@example.com (PayPal’s abuse dept.) or abuse@ (the company’s domain name). It also helps these companies to track down who’s doing this stuff, but that’s an uphill battle.
One final note: Another common phishing attempt is to send you a link in an email from the account of one of your friends, whom they’ve hacked. Have you ever received an email from one of your friends and they’re adamant about you clicking on this Funny New Video or something that seemed very uncharacteristic of them to send?
Then you get a frantic email from that friend, sent from another email account (because they can no longer access their hacked one), telling you not to open any email from them because they’ve been hacked! Then your heart sinks because you’ve already clicked on the link.
It’s always better to take a few moments when going through your email and really think things through before clicking on any link. It’s much better than spending weeks, months, even years trying to get your life back in order. For Internet marketers this is especially important because most Internet marketers tend to have many more online accounts (with personal information) than the average computer user.