Q: I take care of finance and human resources at my place of employment. Yesterday, I received an email that appeared to come from the president of the company asking for a payment t be sent out from our HR department. In looking closer at the email, the email is spoofed. It had the president’s name but it looks to be coming from a scammer. I wonder if there are many others that are having the same problem. This is a pretty easy one to get hooked into if you aren’t alert to these kinds of things. Fortunately, my antenna goes up when I see anything that is the least bit suspicious. Thought you should know about this in case it hasn’t been brought to your attention.
A: Yes, BBB is very familiar with the phishing scams. For those who might not be, Wikipedia’s definition of phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim.
The Securities and Exchange Commission offers these helpful tips on how to protect yourself from phishing:
Pick up the phone and verify – Do not respond to any emails that request personal or financial information, especially ones that use pressure tactics or prey on fear. Cal the company yourself – using the number in your Rolodex, not the one the email provides!
Do your own typing – Rather than merely clicking on the link provided in the email, type the URL into your web browser yourself (or use a bookmark you previously created). Even though a URL in an email may look like the real deal, fraudsters can mask the true destination.
Beef up your security – Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must-have for those who engage in online financial transactions. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with “https” instead of just “http.”
Read your statements – Don’t toss aside your monthly account statements! Read them thoroughly as soon as they arrive to make sure that all transactions shown are ones that you actually made, and check to see whether all of the transactions that you thought you made appear as well.
Spot the sharks – Visit the website of the Anti-Phishing Working Group at www.antiphishing.org for a list of current phishing attacks and the latest news in the fight to prevent phishing. There you’ll find more information about phishing and links to helpful resources.
Action Line is written by Blair Looney, president and CEO for the Better Business Bureau serving Central California. Send your consumer concerns, questions and problems to Action Line at the Better Business Bureau, 2600 W. Shaw Lane, Fresno, CA 93711 or firstname.lastname@example.org.