Many of you are aware of the ongoing problem of “Spoof” emails (definition: Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source [see: en.wikipedia.org/wiki/Spoof_Email]). This practice is also sometimes known as Phishing (definition: The act of sending email that falsely claims to be from a legitimate organization. This is usually combined with a threat or request for information: for example, that an account will close, a balance is due, or information is missing from an account. The email will ask the recipient to supply confidential information, such as bank account details, PINs or passwords; these details are then used by the owners of the website to conduct fraud [see: http://en.wiktionary.org/wiki/phishing]).
Responding to a Spoof or Phishing email can have a tremendous impact on your life: identity theft, fraudulent account usage, etc. So, I just wanted to give you all a “heads-up” about what to do when you receive one.
Today, I received a very official-looking email that appeared to be from PayPal, a service I use extensively. Here’s what it looked like:
[Image: Spoof email from "PayPal"]
The thing that clued me in about this email being a “Spoof” was that it included a link that supposedly was to bring me to PayPal’s site, where I was to LOG IN and follow their instructions. I know that PayPal would never provide a link like this. So, I forwarded the email to Spoof@PayPal.com, from whom I received this reply:
[Image: Reply from Spoof@PayPal.com]
So, just to keep yourself safe, please remember:
- NEVER click a link in an email from a financial institution
- Beware of links inside emails from anyone with whom you’ve done business that then request login information or additional personal information
- Always verify with the sender whether or not the email you’ve received is legitimate – by contacting them DIRECTLY
- Send suspected Spoof emails, even simply questionable ones, to the company itself, for them to verify. Most legitimate sites have a link to a Spam or Spoof email address for reporting purposes.
Please be careful with your personal information. We work hard for our money and our reputations, and we should work hard to protect them.