Off topic warning: This topic is not about genealogy, but may still be of interest to those who wish to learn more about Internet scams.
Phishing is the criminal act of "fishing for information," tricking people into revealing important information such as logins, social security numbers, bank accounts, etc. The Ancestry Insider recently received a phishing e-mail. This one was completely obvious... if you know what to look for.
As you go through the five numbered items below, look at each successive dark-green box in the image below.
- The e-mail didn't come from Capital One, but accounts.com.
- The "to" field of the e-mail is blank. That is a sign that the e-mail is SPAM, sent to dozens, even thousands of e-mail addresses.
- The e-mail doesn't identify me by name. Phishers can easily buy e-mail addresses harvested from the Internet, but they rarely have both e-mail address and name.
- I don't have a Capital One credit card, not in my own name and e-mail address and especially not in the name and e-mail of the Ancestry Insider! But when phishers SPAM enough e-mail addresses, even though they will send it to a lot of people that don't own the bait, they'll get a lot that do (be it a credit card, a bank account or a password with e-Bay, PayPal, etc.).
- NEVER, NEVER click a link in a suspicious e-mail, particularly to get to your bank or any other website that requires a password, credit card number or other important information. Always go directly to the home page of the website by typing in the address of the website. In this example, I could go to www.capitalone.com, login and see if I get the same important notice contained in the suspicious e-mail. I won't, though. These phishers didn't bother to disguise the link—which can be done. The link begins with http://18.104.22.168 instead of http://www.capitalone.com. When http:// is followed by four numbers instead of an Internet address, don't trust it!
Anti-Phishing Phil is an online game from Carnegie Mellon University that can help you learn how to recognize dangerous links and Internet addresses such as the one with the four numbers in the phishing e-mail I received. It will teach you not to take phishing bait; and it's free for personal use.
Last month Dick Eastman wrote about another scam: deceptive pop-ups. Eastman learned the hard way that you NEVER click anywhere inside an unwanted pop-up. Here's an example:
Image credit: Derek Quenneville
To do its dastardly work, this pop-up needs you to click. But since it is from a dastardly company, the click doesn't have to be on Next. As Dick found out, Cancel works just as well. All they need is a click, anywhere inside the window frame.
Always close the window using the X in the upper-right corner. At least that's what I've always done and have never had any problems. If you wish to be doubly safe, I recently read a suggestion that closing the window via the task bar at the bottom of your screen is even safer.