My 12/06/09 Missoulian column
I haven’t covered phishing scams in about a year and a half, but that doesn’t mean they’re not out there.
Christmas season brings e-mails from fake charities asking for online donations and bogus overnighted package delivery notices “requiring” your credit card number for drop off.
Phishing scams get their name because the scammers are out “fishing” for you to take the e-mailed bait and click on a link out of curiosity, like donating for a special cause or the delivery of an urgent package.
Other phishing e-mails try to scare you into opening them by having subject lines such as, “Please check your account now” or “Account now closed.” If you open the e-mail, it urges you to click a link to login to your bank or credit card account right away, saying your account will be locked if you don’t take action.
If you click on the link in any of these types of phishing e-mails, you are taken to a copy of a real Web site that has been moved to another server, where the scammers hope to fool you into entering your banking or account information.
Phishing e-mails and destination forged Web sites can look real enough to fool just about anyone. According to a recent story in the New York Times, Robert Mueller, the director of the Federal Bureau of Investigation, recently admitted he nearly fell for one.
Mueller clicked on a link in a fake e-mail purportedly from his regular bank and began to follow the instructions to “verify” his account information, but luckily realized his mistake in time.
You will also see phishing e-mails from services such as PayPal and eBay, among others, because they are popular sites, and as a result, popular targets of scammers.
But legitimate banks and online stores will never send you an e-mail with a link to click to go to the site; they will advise you to type the URL directly into your browser, or call them.
Yet another reason to not open e-mails with suspicious subject lines is that just opening them can sometimes plant malware on your PC, even if you don’t get hooked by the phishing attempt inside.