Physics 3333 / Phishing Scams


Phishing



E-mail Phishing

Yeah - there's more. A very dangerous scam is proliferating - one known as "phishing." You've probably heard of it. You get an e-mail from eBay, PayPal, your credit card company, your bank or.... They indicate that some problem has arisen with your account and that they need you to confirm some data to clear up the problem. All you have to do is click the link to get to the eBay/PayPal/etc. web site and a data entry box. You confirm (fill in) the data and the problem is cleared up. You think... Your problems are just beginning. Oh - if you're lucky - the thing did not contain a virus.

The background decor of eBay, PayPal, your bank, etc. is real - it's from that entity's web site. The data entry box, however, is NOT. The extremely sensitive data you enter really go to a scammer somewhere, to be later used in fraud or identity theft. A VERY good source of information about these scams can be found at Millersmiles. You get a list of current scams and samples of their appearance there. In reality, the web sites of the scammers often get taken down fairly fast, but not till AFTER they have collected a LOT of personal information.
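An added example, not part of the original page: a small Python check for the pattern just described, where a message borrows its images from the real site but sends its links or form data somewhere else. The function names, the sample message and its hosts (example-bank.test, 192.0.2.10) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Record which hosts supply the images and which receive clicks or form data."""
    def __init__(self):
        super().__init__()
        self.decor_hosts = set()   # from <img src>
        self.target_hosts = set()  # from <a href> and <form action>

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "img":
            self._add(self.decor_hosts, attr.get("src"))
        elif tag == "a":
            self._add(self.target_hosts, attr.get("href"))
        elif tag == "form":
            self._add(self.target_hosts, attr.get("action"))

    @staticmethod
    def _add(bucket, url):
        try:
            host = urlsplit(url or "").hostname
        except ValueError:  # malformed URL: nothing to record
            host = None
        if host:
            bucket.add(host.lower())

def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def suspicious_targets(html, brand_domain):
    """Hosts that get links or form data but are not the brand, in a message
    that pulls its images from the brand's real site."""
    c = LinkCollector()
    c.feed(html)
    borrows_decor = any(same_site(h, brand_domain) for h in c.decor_hosts)
    off_brand = sorted(h for h in c.target_hosts if not same_site(h, brand_domain))
    return off_brand if borrows_decor else []

# Constructed sample message; the hosts are reserved test names and addresses.
SAMPLE = """<html><body>
<img src="https://pics.example-bank.test/logo.gif">
<form action="http://192.0.2.10/confirm.php" method="post">
<input name="card"><input type="submit"></form>
<a href="https://www.example-bank.test/help">Help</a>
</body></html>"""

print(suspicious_targets(SAMPLE, "example-bank.test"))
```

A non-empty result means the data entry box or a link points away from the site whose decor the message is showing.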

Here's a sample (of MANY) that have landed in Prof. Cotton's inbox.



These things have been turning up in large numbers, from many different banks. At least, they claim to be from the banks. They're not. One clue: if you look at a load of these, many will be identical except for the bank name.

Be sure to look at the last e-mail in the list (with full header). It's mostly html code. Also - all those numeric values at the end are a VIRUS! Our spam killer detected it. If you open and display this e-mail, that virus will try to execute. For safety, we recommend disabling html execution in e-mail.

The problem has grown until a large-scale effort by the Web community has been launched in an attempt to slow it down.

What defense do you have against such authentic-looking things? There is only one thing you need to remember: No such entity - eBay, PayPal, your bank or credit card company - will ever send you an e-mail requesting personal data. NOT EVER!!! Any e-mail that directs you to a web site that asks for ANY personal information is a scam - that's S-C-A-M!!! An astounding number of people have responded to these, resulting in a wave of identity theft and fraud.

If you ever get one of these phishing e-mails, you should assist eBay, PayPal or whoever by forwarding a copy of it to "spoof" at the proper domain. For eBay, that would be spoof@ebay.com. They will chase it and get the phishing web site taken down.

And now for the latest news. A November 7, 2005 article in the Dallas Morning News described yet another phishing scam. It seems that the scammers will pose as a representative of some legitimate outfit and go to a bank, where they will request a pile of credit card applications for their members. They'll then set up a kiosk in a mall somewhere and promote credit card applications. Mall visitors are encouraged to fill out the applications and leave them for processing. You guessed it - the scammers take the applications, which contain all they need for identity theft, and send in fraudulent credit card applications in the names of the victims in the mall.

If you ever pick up a credit card application at a mall, NEVER return it to a kiosk. Take it directly to the bank yourself. Yeah, that's a nuisance; the kiosk is soooo much more convenient. Don't let convenience lure you into a scam.

Phishing by Telephone

Phishers gathering data for identity theft can also use the phone.