Protect Yourself From New Phishing Schemes
Identity thieves are crafting e-mails that look even more like they were sent by real companies and have more legitimate-sounding requests.
I just received an e-mail from Verizon notifying me that the payment on my broadband account was past due and that I’d need to pay up right away or my service would be cut off. There was a link for me to click to make the payment online. I know to be suspicious of e-mails like this, so I called the Verizon customer-service number on my bill (not the number in the e-mail) to check. It ends up that it is a phishing scam, using a very real-looking e-mail. What should I be doing to protect myself against such scams?
OK, I have to admit, this question was actually from me. Right in the middle of researching a story on new ID theft schemes, I received this e-mail claiming to be from Verizon. It illustrated everything the ID theft experts I’d been interviewing had told me about the new generation of phishing schemes.
Identity thieves have taken phishing -- fake e-mails that link to fraudulent Web sites and ask you for personal data -- to the next level. The e-mails look even more as if they were sent by real companies, with just tiny differences, such as using zeros to replace o’s in the link that includes the domain name.
And rather than sending e-mails from random companies, they’re picking companies that you’re likely to do business with and making legitimate-sounding requests, so you’ll be more likely to let your guard down. In one scheme, ID thieves send an e-mail that offers a gift card for completing an online survey about your recent visit to a store, says Kirk Herath, chief privacy officer for Nationwide Insurance. It’s easy to fall for the gambit if you have visited the story recently, which is why thieves pick big chains. Best Buy, for example, recently warned customers about a scheme like this targeted at its customers.
ID thieves frequently pose as the IRS during tax time, sending e-mails asking for personal information in order to get your refund; in reality, the IRS never contacts taxpayers by e-mail asking for more information.
Verizon media relations manager Bob Elek says that other people have received e-mails similar to the one I received. “We do communicate with customers via e-mail, but we do not send e-mails to customers regarding their personal billing situation,” he says. Instead, Verizon communicates with customers through the mail and through its My Verizon portal, which is password-protected, for people who receive and pay their bills electronically. He says Verizon never asks for Social Security numbers, another common phishing scam. He recommends doing exactly what I did -- calling the company directly (from the phone number on its Web site or on your bill) to ask about the notice and the status of your account. Do not click on the link in the e-mail, and don’t call the customer-service number listed in the e-mail. Verizon keeps a Fraud and Scam Alerts page and a Safety & Security page that warn people about some of the latest schemes. Here’s their alert about the phishing scheme claiming to be from the “Verizon Billing Team.”
You can find plenty of other great resources to help you check out suspicious messages. Most companies have a scam-alert page that gives information about recent schemes. You can also find out about new Internet crime schemes at the Internet Crime Complaint Center, which is run by the FBI, and get alerts about online ID theft schemes at OnGuardOnline.gov, which is managed by the Federal Trade Commission and several other government agencies. The IRS has a phishing page with warnings about recent schemes and information about where to report them.