This past week or so has brought with it a flurry of identity theft scams disguised as Pay-Pal and Ebay “fraud alerts” and account cancellations. It amazes me how authentic they look and concerns me that some folks may actually be duped into forking over highly sensitive personal information to complete strangers. I’ve written you about these scams before. My reason for repeating it here again is because some of the scam sites which I have reported to the respective ISP’s days ago are still live today, presumably collecting personal information from unsuspecting users. One in particular is so brazen (hosted on his own computer over a DSL broadband connection from his home in San Francisco!) either he’s incredibly stupid, the victim of a third party who has seized control of his computer remotely or it’s a government authorized study to see how many people identify it as fraud and report it to the ISP (in this case pacbell.net, aka SBC Global).
Of all of the Pay-Pal and Ebay fraud alerts I have received via email, one actually was authentic so you can’t just discount them all as fraud. Here’s how to tell which are which.
- First of all, note the address that the email was sent to. If it does not match the email address you normally receive authentic mail to from the company in question, chances are very good it’s fraud.
- If you use MailWasher to clean your email of spam as I have recommended on countless occasions and the sender is already blacklisted by SpamCop or some other RBL, again chances are good it’s fraud.
- Next, if there’s a link to click on, make sure it actually leads to the site in question. For instance, note this next link http://surfsafely.com/. It says surfsafely.com but if you click it you will actually be taken to safe-pc.co.uk (Don’t worry. That’s one of mine too). Likewise, in an email I can type what looks like a link to ebay (http://cgi3.ebay.com/) that takes you somewhere else entirely. The key is to examine the actual URL in the browser Address bar. If it starts out with any combination of numbers likehttp://169.254.67.20/some/clever/subdirectory/name/ or http://cgi.ebay.anyotherdomain.com/some/clever/subdirectory/name/ leave immediately! “You’re not in Kansas anymore.”
- Lastly, make sure the information being asked for is actually what was needed when your account was first created. Neither Pay-Pal, Ebay or any other reputable company will ever ask for a social security number, bank PIN, driver’s license number or mother’s maiden name.
If you receive such scams but do not have the tools to trace their origin as I do, it is important to forward these email in their complete unaltered form to your Internet service provider abuse or complaint department for them to take appropriate action which may include blocking further inbound email from that source, having that account closed by the sender’s ISP and reporting to federal agencies for follow up.
Please share these tips with friends and family. The sooner we stop these scam artists the safer we all are.