海角大神

In yesterday鈥檚 reader mailbag, I answered a question from a reader who asked for simple ways to avoid identity theft online. I told the reader that the best thing that a person can do is to simply avoid clicking on links within emails.

By the end of the day yesterday, I had several follow-up emails from readers asking quite a few different questions about that statement, so I thought I鈥檇 explain it all in detail.

First of all,聽you should never fully trust that an email is actually from whoever it says in the From: field.聽It is rather easy to fake such information and it鈥檚 because of the implicit trust that people have of the email recipient that many scammers are able to get away with it.

厂别肠辞苍诲,听URLs inside of an email can easily be faked as well.聽Fake links are incredibly easy to embed within emails.

For example, let鈥檚 say you receive an email from what appears to be your bank. Let鈥檚 say that your bank is Citibank.

The email informs you that there has been some suspicious activity on your account and you鈥檙e encouraged to log in to check it out. The following link is provided:

https://www.citibank.com/login

If you happen to click on that link, you鈥檒l realize that it doesn鈥檛 take you to Citibank at all. Instead, it just drops you back at the homepage of The Simple Dollar. In fact, the destination of that link could have been聽anything.

What scammers will do is聽make up a fake website that looks exactly like the website they鈥檙e wanting to scam.聽So, they might make up a page that looks just like the Citibank site. Then, they鈥檒l send you a fake link 鈥� like the one above 鈥� that appears to go to the Citibank site but聽actually聽goes to their fake site thatlooks聽like the Citibank site.

If you login on that fake site, the scammers now have your banking login information. Depending on how they鈥檙e doing things, they may ask a few follow-up questions for 鈥渟ecurity purposes,鈥� then you鈥檒l likely see a message on the fake site saying something like 鈥淭his site is down for maintenance. Try back later.鈥�

By then, it鈥檚 too late. They have your account info 鈥� or at least enough info to get what they need.

This type of scam can work with pretty much any online account, from your bank to your credit card, from Amazon to eBay.

So, what can you do?聽If you get an email from a business that you want to follow up on,聽don鈥檛 click the link in the email.聽Instead, start up your web browser and go to the website for the company on your own. If there is an issue, you will be able to figure it out fairly quickly after logging onto your account with them.

If you don鈥檛 have an account with that business, again, go to a web browser separately from your email and look up their customer service phone number, then call them directly.

These simple steps won鈥檛 protect you from聽every聽scam, but it will protect you from a lot of them.

One final note:聽why do these work so well?聽It鈥檚 all about numbers, really. Let鈥檚 say a scammer buys a list of one million email addresses. He spends a day setting up a fake website, then uses his spamming program to send out a fake email to each of those addresses. Let鈥檚 say 90% of them just ignore the email completely or have it filtered away. That leaves 100,000. Let鈥檚 say 99% more don鈥檛 have an account with whatever business the email claims to be from. That leaves 1,000. If only 10% of those remaining fall for that scam, this person suddenly has 100 verified banking accounts with which to play with. If the scammer can effectively use or sell those accounts, it鈥檚 going to be well worth it.

The post聽How Phishing and Email Scams Work 鈥� and How You Can Avoid Them聽appeared first on聽The Simple Dollar.