Thursday, September 10, 2009

Fraudulent E-mails

Good Morning! I had a pretty good scare yesterday. I got an e-mail from the IRS that said I had under reported sales tax income and needed to go to a link to check on my status. As you know, the IRS scares any and all American businesses. My first instinct was to click on the link, just to make sure, and then get out if it was fishy. They had a sales tax number and everything. Luckily our accountant had told us last year that the IRS will never contact us through e-mail.

I did some quick checking by going to the IRS' website, and my accountant was right. IRS never uses e-mail. The scariest thing is that if I had clicked on the link, "they" would have been able to infect my computer, it is not always fishing for more personal information. Now, I am a pretty savvy Internet user and know a lot of the warning signs for fraudulent e-mails, but this one was very tempting to check out since it was from such a scary source, and they had so much info on me. It took me maybe two minutes to research this a little, so take the extra two minutes if your gut is telling you something isn't right.

There have been many times that we sell things on Craigslist, ultimate recycling, right? But, I don't think that there has been one time that we don't get an interested, and fraudulent, response within a day or so of posting the ad. With these responses it has usually been pretty easy to tell that it wasn't a person really interested in my sale item. The language in the response just doesn't have very good English, or not enough interest in the actual item. We had a horse on there once, and a guy responded that the condition of my item was acceptable and he would have his people handle all of the packaging and shipping. I don't know about you, but I don't like to package animals!!!

The following are some real danger signs:

  • anyone asking for money up front

  • unusual or not good use of the English language

  • any file with .exe needs to be checked out, not saying they're all bad, but...

  • any e-mail asking for personal information

  • e-mails that come from a source "threatening action" (ie: closure, disruption of service or need of verification), related to one of your accounts

The problem with links is that they can be masked, and what looks like the link to a real website, as mine did, can easily be re-routed. In my research for this post I found and interesting piece of information on Microsoft's scam information page. The following is an excerpt from that page:

Phishing links that you are urged to click in e-mail messages, on Web sites, or even in instant messages may contain all or part of a real company’s name and are usually masked, meaning that the link you see does not take you to that address but somewhere different, usually an illegitimate Web site.
Notice in the following example that resting (but not clicking) the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

I wasn't able to "copy" the example, but I didn't know that resting over the link was a good idea, you learn something new everyday! Like I said, I really did not think I would ever fall prey to such scams, but I was within one click with this one!

No comments: