We’ve all gotten them – emails informing us that it is crucial that we immediately log in and change personal information including user names, passwords, Social Security numbers, and even bank account numbers. Most of us consider ourselves too savvy to be taken in by some of the more obvious scams, but as the public becomes more and more knowledgeable about fraudulent emails – sometimes known as “phishing” – the perpetrators of these scams are also kicking it up a notch in order to continue to trap the unsuspecting or newbie Internet user. Here are some tips to help you avoid being deceived by fraudulent emails.

Fraudulent Email – A Definition

Any email that is mass distributed and purports to be from someone other than the true originator is considered fraudulent or spam email. It doesn’t matter whether or not any attempt is made to extort information from the reader; if someone is pretending to be someone else, the email is fraudulent. Phishing takes this one step further, attempting to trick the recipient into providing personal information such as a Social Security number, bank account number, login name and password, or demographic information.

These emails may look surprisingly legitimate, and include the name of the alleged sender in the “From” field. Do not be fooled by this. It is very simple to put in a different sender name, and anyone can use any name that they want in this field.

Brief History

Fraudulent email has been around since the late 1990s, but really began to mushroom in 2002. In some ways, spam email mimics the kind of junk mail that has been clogging up our mailboxes for decades. The difference, however, is that because information is being conveyed electronically, the potential for harm is far greater. Additionally, spam and fraudulent emails can carry viruses that often are responsible for serious problems with one’s computer. At least junk snail mail never caused your hard drive to crash, annoying as it may be!

How it Works

You receive an email from eBay informing you that your account has been somehow compromised, and requesting that you click on a link included in the email, and login immediately verifying your user name and password. You panic, thinking the worst, and follow the instructions given. However, this email is not from eBay. Rather, it is has been generated from a computer that has been programmed to send out millions of these fraudulent emails.

In giving out this information, you have provided a stranger with your personal login information for eBay. With your user name and password, this individual or group of individuals can now sign on to the site and list merchandise for sale under your seller ID. The normal pattern is that the perpetrators will list a number of high-ticket or popular items for bargain prices. Because the thief does not have your PayPal account information, he or she will have to use an alternative form of payment, usually a wire transfer of funds. Shoppers looking for a deal won’t think twice about snapping up what they perceive to be the deal of a lifetime! They purchase the item, and wire the money per instructions. Of course, the “seller” never had the item in the first place, and once the money has been transferred, the buyer has no recourse.

The buyer waits for his or her item to arrive, and when a reasonable amount of time has passed, contacts the seller – you. Of course, you know nothing about this transaction, and are flabbergasted to get this complaint. An angry buyer wants his or her money back, and of course you don’t have it. You are being held accountable by eBay when in fact you had nothing to do with this transaction. How to Identify a Fraudulent Email

Once you are aware of these scams, the fraudulent emails are fairly easy to spot. Here are some giveaways:

• Generic Salutations: For emails that are generated by a well-known company such as PayPal or eBay, the salutation is usually the first giveaway. Rather than use your name, the salutation in these emails is usually generic. “Dear eBay Member,” one email begins. Internet providers’ names such as Earthlink or AOL are also used as a lure, with a program generating emails to members worldwide. Think about it. You are a member of these communities, and any email that you receive from them is going to have your name in the salutation.

• Threatening Tone: One hook that tricks the uninitiated into providing information is the threat that the service provided by the sender is about to be cut off unless the recipient responds immediately with certain information. The ones allegedly from PayPal often indicate that records need to be update, and ask to confirm your user name and password. Once an identity thief has this information, he or she can simply log into your account and clean it out.

• Personal Information: The email is asking you to provide personal information, or to confirm information that they should already have on file. Even giving out your name can be dangerous. Remember, these emails are computer-generated, and they don’t have your name at this point. By providing this, you are opening the door to more personalized spam that can entrap you further.

• A Plea for Help: This type of fraudulent email can take the form of a direct request for money for a charity, or get even more involved, purporting to be from a member of a foreign government or a family member of a murdered diplomat. This particular “genre” has been given the name “Nigerian” scam since most of these campaigns originate in Nigeria. The email explains that for the “victim” has millions of dollars in a bank account, but cannot access this money for whatever reason. You are asked to help, and in turn, you are promised a percentage of the riches, usually to the tune of a million dollars. All you have to do is to send a small amount of money upfront to pay for the transfer charges. This is a total scam. There is no grieving widow, and no millions. All these people are doing is preying on the sympathies of charitable Americans, hoping to sucker a few into the scheme.

• An Offer You Can’t Refuse: Whether it is for a low-interest credit card, a home equity loan, or a car loan, you need to be very wary of these types of email. Some may well come from legitimate businesses, but the risk you take in providing any information is too great to take. If you are truly interested in an offer that you receive via email, visit the website of the company, and send an email to the contact address. Mention that you received an email and that you are just checking to make sure this was a legitimate offer.

• Surveys and Product Testers: These emails are very prevalent, and seem innocuous enough, at least at first glance. You are invited to join an online survey site and in turn, promised payment in either points or some sort of reward. There are some legitimate survey and product testing sites that live up to their promises. But others are simply a means by which to gather information, and sell that to other, less scrupulous sources. If you are interested in doing surveys, do a search for “Paid Surveys,” and apply directly online. One word of caution, however, some of these survey groups will require you to go through pages and pages of ads before getting to the survey. If you find yourself in this situation, get out.

How to Avoid Being the Victim of Fraudulent Email

There is one simple way to avoid becoming a victim of fraudulent email; that is to simply not respond to any email that appears to be less than legitimate. Some are more obvious than others, and in some cases, just opening up an email could cause exposure to viruses or worms. One good safety precaution is to view the source of the email before opening it. Position your cursor over the email subject in your inbox, and right click. Select “View Message Source” from the drop-down menu. A new window should open up showing the source code for the email. Check the “sent” by address. If it is legitimately from PayPal, or eBay, this actual path will indicate this.

If you are reading a suspicious email and are asked to click on a link, you can actually check the validity of the link by checking the properties. Position your cursor over the link and right click. Find the menu item “Properties,” and select. A separate window will open and the actual address to which the link is directing will be displayed. If it is legit, go for it. If not, close the email and delete it.

Taking Action

Most legitimate businesses want to know when fraudulent emails are being circulated using their name. If you receive such an email, notify the business through their site. Sometimes they will ask for the header information, and you can provide that by viewing the message source as described in the previous section.

If you think you have been a victim of such a scam, you do have recourse. The first thing you need to do is to go to the site and change your password. If someone is trying to access your account, they will be using your old password, and will not be able to get in. Then, check your account to make sure that no suspicious activity has taken place. If this is an eBay scam, once you have changed your password, check your seller’s page to make sure nothing is listed that is not yours. If something does show up that you aren’t aware of, kill the listing and contact eBay customer support immediately. Normally, they will credit back the listing fees in cases like these.

Be Proactive

You do not have to be a victim of fraudulent email scams. Here are some things that you can do to be proactive in this area:

• Keep an eye on all of your online accounts including PayPal, eBay seller accounts, bank balances, etc.
• Make sure that you have adequate virus protection software
• Install spyware detection software on your computer and run a scan every week
• Make sure your password is not easy to guess and change it from time to time.
• Never open attachments to emails from people you do not know.

By being proactive and alert to new emails, you never have to worry about becoming the victim of a fraudulent email scam.