The price we pay for the convenience of e-mail is the ease with which unscrupulous senders perpetrate e-mail scams on unsuspecting users. If you have used e-mail with any frequency over the past decade, you have seen it firsthand, although you might not realize it. Someone overseas requests help moving a huge quantity of money using your bank account, with you receiving a percentage of the money as payment for your assistance. You are notified that you are a winner in an international lottery that you don't remember entering. Your bank requests verification of your account information to avoid shutting down your account.
Each case is an example of someone trying to trick you into divulging personally sensitive data such as your bank account number, social security number, ATM code, passwords, or anything else that could be used to compromise your accounts. The most recent incarnation of this scam has come to be known as phishing. In this instance, the scammer poses as a trusted entity via e-mail. The e-mail looks authentic. It has corporate logos and looks like other e-mails you may have received in the past. All you have to do is click on the link provided in the e-mail and use an online form to submit your account information.
Don't do it.
The link typically forwards you to a fraudulent site and any information you submit will be captured by someone hoping to steal your money or identity. Using this information, the scammer may defraud you or even commit crimes in your name. Unfortunately, phishing is a lucrative business. Approximately 1.2 million people fell prey to phishing scams within the past year, and the financial impact to victims totaled nearly $1 billion. However, there are steps you can take to protect yourself from phishing.
Be wary of any e-mail that asks you for personally sensitive information such as credit card numbers, your SSN, bank account, password, etc. Legitimate companies go out of their way to tell you that they will not ask for this sort of information through such an insecure channel as e-mail.
Don't click on links within a suspicious e-mail, and don't respond to the sender.
Report and forward any suspicious e-mail to the organization the e-mail claims to represent.
Avoid submitting sensitive information through unsecured or suspicious Web sites.
Review your financial statements regularly for potential fraud.
If you suspect that you've been a victim, you may file a complaint with the Federal Trade Commission (FTC). The FTC has a number of resources to help you learn more about identity fraud schemes such as phishing. Visit www.consumer.gov/idtheft for more information. As a rule of thumb, however, never send anything through e-mail that you wouldn't want posted on a billboard somewhere. Always be sensitive about sending sensitive information in e-mail.