Remember the early days of the Internet when you could spot a scammer’s email from a mile off? Their messages, littered with spelling mistakes, would offer you millions of dollars for helping them transfer money to some far-off place.
Well, times have changed, and experts say fraudsters are using increasingly sophisticated techniques to steal your personal data, such as bank passwords and credit card information.
The latest threat is spear-phishing, where scammers will pose as people you trust, lacing their emails with viruses or tricking you into visiting data-pilfering websites.
The most dedicated scammers will spend a lot time and money crafting emails that look like the real thing, says Laura Iwan, chief security officer at the Center for Internet Security. “One has to be very diligent when they are reading their email.”
With that in mind, we’ve come up with a few different email scenarios—do you know which you should open and which you shouldn’t?
Your bank says someone has stolen your identity and it needs your account number and online password to confirm you are you.
Reason: Any bank worth its salt won’t ask you for sensitive information over email. The message is likely from scammers.
Tip: Be skeptical about every link you receive, even it’s from an organization you trust. Iwan says you should call your bank and get “confirmation before you actually take action.”
You get a one-line email from Mom saying: “Check out this video of kittens falling asleep!”
Open? Not right away.
Reason: If the email doesn’t address you personally, be wary. It’s possible that your mom’s account has been hacked. Give her a shout—it’s time for a call anyway, isn’t it? (She’ll want to update you about your dad’s fight with the squirrels anyway)—and ask if she sent the message.
Tip: If your computer does become infected, turn it off and bring it to an IT expert, says Iwan. There are several telltale signs your computer has a virus. You may see a surge in pop-up ads, your web browser may mysteriously redirect you to strange sites, and your machine may work without you, especially at night.
Powerball sends you an email saying you’ve hit the jackpot. They just need your bank account info so they can deposit the winnings.
Reason: It’s a scam. Lottery tickets are sold anonymously, so officials don’t actually know who has won until someone claims the prize. “If it’s too good to be true, it is,” says Iwan.
Tip: Scammers love to exploit the lotto angle, especially when a big jackpot is in the news. If you play the lotto, ask the attendant when purchasing tickets the best way to confirm the winning numbers.
You get an email from an online retailer saying your dog’s Halloween costume is being held until you update your password and credit card info over email.
Reason: Most reputable online retailers won’t ask you for sensitive information over email. To make account changes, you normally need to log on to a secure payment site. But you might be asking: “How would scammers know about Rex’s Ewok outfit?” Well, some will actually follow you on social media in the hopes of picking up information they can exploit.
Tip: Be wary of how much you say in social media about upcoming and past purchases. And always scrutinize emails from online retailers, looking for spelling mistakes, strange formatting and unfamiliar links.
You get an email from your IT administrator warning you about phishing. You must click on a link—right now!—to learn more.
Open? Not right away
Reason: Urgency in an email is a red flag, says Iwan. Scammers are hoping you panic and make a bad decision, so before you click on the link, confirm with your IT department that the message is legit.
Tip: You can sometimes spot bogus links by hovering over them with your cursor—just make sure you don’t click. After a second or so, you’ll see the website that link is pointing to. Look at it closely and if it’s something you’ve never seen before, steer clear.
Did you know there was a new identity fraud victim every two seconds in 2013?* Avoid becoming a victim by learning how GEICO can help you get Identity Protection at geico.com.
By Andrew Raven