Early one morning last week I found an e-mail entitled “Irregular Account Activity.” It claimed to be from Bank of America, and said I needed to complete some information to resolve the issue. The e-mail included an attachment that was a link to a website whose address began with www.bankofamerica.
Not being a morning person, I proceeded to the website and began to fill in my name. Next it asked for driver’s license number. Thankfully this required me to get up so that the blood could return to my brain and trigger my internal scam alarm.
A number of things had seemed normal to me. We do receive legitimate bank e-mail alerts for larger than normal transactions. The logos and fonts on the page requiring information had looked very familiar. However, the request for extensive information was not normal.
The e-mail had been checked and approved by my AVG antivirus software. The return e-mail address and site address started with a seemingly legitimate “BankofAmerica.”
The voices in my head began to speak up: Never click on links included in an e-mail. Don’t supply sensitive information online. Check for “https://” to indicate a secure website.
Going online, I went directly to the banking site I normally access. On the first page I found an e-mail address for reporting suspected fraudulent e-mail. I copied the address and forwarded the e-mail.
It didn’t take long to find reports of similar attempts to steal banking information. By searching for “Bank of America,” “Irregular Account Activity” and “e-mail,” I found several sites warning of e-mail scams.
Illustrations of fraudulent attachments showed how scam artists create very real-looking facades. Design, fonts, logos, and photos are used to duplicate the look of legitimate sites. By now, I was determined not to supply even a first initial online. Knowing how quickly I had fallen earlier, I was suspicious of each website I visited.
In the followup e-mail from the real Bank of America, they gave some guidelines concerning fraudulent e-mail, or “phishing:”
Here are things to keep in mind regarding fraudulent e-mails. Unlike phishing e-mails, we will never ask you to verify personal information in response to an e-mail. Most fake communications convey a sense of urgency by threatening discontinued service.
Many fraudulent e-mails contain misspellings, incorrect grammar, and poor punctuation.
Links within the fake e-mail may appear valid, but deliver you to a fraudulent site. Phishing e-mails often use generic salutations like “Dear Customer,” or “Dear account holder” instead of your name. The address from which the e-mail was sent is often not one from the company it claims to be.
Online, a site that provides good information on fraudulent e-mail is www.fraudwatchinternational.com.
While I cannot recommend any products they sell, the information is helpful.
Concerning the copycat e-mails they had found, Fraud Watch International says, “If you receive an e-mail similar to this, do not respond and do not click on the link. By opening or viewing a preview of the e-mail or by clicking on the link within the e-mail, your computer may have discretely downloaded a virus or spyware.”
Their “Tips to Protect Yourself from Phishing Scams” include:
n Never click on hyperlinks within e-mails, instead copy and paste them into your browser.
n Use spam filter software, anti-virus, and a personal firewall and keep them up to date and active.
n Look for “https://” and padlock on websites that require personal information.
n Keep your computer clean from spyware.
n Educate yourself on fraudulent activity on the Internet.
n Check and monitor your credit report.
And if you’re not a morning person, be especially careful before you’ve had your first cup of coffee.
Patty Harshbarger, owner of Computer Renaissance in Bradenton, can be reached at (941) 753-8277.