

I often receive email messages from PayPal, eBay, Citibank, and other companies
telling me that there is a problem with my account and asking me to confirm
confidential financial information, such as usernames, passwords, checking
account numbers, and credit card numbers. Are these messages legitimate?

These email messages are never valid. No legitimate company will ever send you
an email asking you to confirm confidential financial information.

These deceptive email messages represent the fastest growing and most dangerous
type of scam on the Web: a spamming practice called phishing (pronounced
"fishing"). In phishing, the phisher sends out thousands of email messages,
hoping to entice a few people to take the bait and provide the requested
financial information, which is then funneled directly back to the phisher.

Using a practice known as spoofing, phishers craft emails that appear to come
from legitimate companies. Such emails often contain forms asking for
confidential financial information or links to forged Web pages that appear to
be part of the company's official Web site. The forged Web page asks you to
provide the confidential information. Some of the senders of these email
messages are so audacious and clever that they even include warnings about such
malicious email messages in an attempt to give their own messages more
credibility.

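The two signs described above (a form inside the email, and links that only
look like part of the company's site) can be checked mechanically. The Python
below is an added example, not part of the original page. The function names,
the sample message and its domains are constructed for illustration, and the
From header is treated only as the sender's claim, since spoofing forges it.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _BodyScan(HTMLParser):
    """Collect link targets and form actions from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")

def _belongs_to(host, domain):
    # Exact match or true subdomain; "bank.example.other.test" must not pass.
    return host == domain or host.endswith("." + domain)

def audit_message(raw):
    """Return (kind, detail) findings for a raw RFC 822 message string."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    scan = _BodyScan()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            scan.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    # Any form in an email is suspect: real companies do not collect data this way.
    findings = [("form-in-email", action) for action in scan.forms]
    for url in scan.links:
        host = (urlsplit(url).hostname or "").lower()
        if host and not _belongs_to(host, claimed):
            findings.append(("link-leaves-claimed-domain", host))
    return findings

# Constructed sample: sender claims bank.example, body points elsewhere.
SAMPLE = """\
From: "Example Bank Security" <service@bank.example>
Subject: Problem with your account
Content-Type: text/html; charset="utf-8"

<a href="https://www.bank.example/help">Help</a>
<a href="http://bank.example.login-check.test/confirm">Confirm now</a>
<form action="http://203.0.113.7/collect"><input name="card"></form>
"""
```

Calling audit_message(SAMPLE) reports the embedded form and the second link,
whose host merely begins with the company's name.
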
How can I avoid becoming a phishing victim?

Never provide confidential financial information in response to an email, and
never click a link embedded in a suspected spam message. Note that simply
clicking the link could trigger the automatic installation of a keystroke
logger (software that captures your confidential information by recording each
key you type and transmitting this information to a third party via the
Internet).

Web Author: R. Wolfe - Updated 27 OCT 2004