3 Tips to Ensure You Won’t Get Phished Via Email

I received an email this morning from the Better Business Bureau. It claimed that someone had opened a complaint about No-IP and listed a file with a description of the complaint for me to view. Only problem was that the email was totally bogus. Follow these tips to make sure you don’t get phished. (Click the image to view a larger version and to follow along)

1. Check out the From address on the email. It is from a Jonathan at southeasterncheese.com, that is definitely NOT an official Better Business Bureau email address.

2. The To: and CC: lines are another dead give away. Jonathan sent this email directly to one person, and cc’d over 90+ others!BBB Email

3. The body of the email actually looks legitimate. The BBB logo is there and everything looks great! There is even a case # for to reference. Upon hovering over the ATTACHED REPORT link though, another phishy occurrence, the link does not go to the BBB official website, it goes to a medical records site.

So, next time you receive an email, look at it in depth before you click any links within it, or an even better practice is to not click links in emails and go directly to the official website. If you get an email that you suspect is a phish, report it to the company.  Also, check out this past blog post for more tips to safeguard yourself from being phished! Have you received any emails like this recently?

I’m a Victim of Online Credit Card Fraud

This morning was like every other, or so it seemed. I woke up, made a pot of coffee and settled onto the couch with my laptop to do something I do every morning, check my email.  This morning the email I received was a bit different than my normal though. One of the subject lines read: Fraud Protection Alert. I paused for a second as I read the email, was I really the victim of credit card fraud? Yes. Indeed I was.

The person that had stolen my credit card number had been busy all morning on an online video game site charging small increments of money (less than $10 each) numerous times to see if the card was working properly.   My credit card companies fraud department sent me a fraud alert email when they decided that the charges didn’t seem like my normal activity.  A quick phone call to my credit card company later, and it was confirmed that someone was indeed trying to steal my hard earned credit.

How could this possibly happened to me?   I find myself overly cautious when I buy things online and I even have various “strong” passwords that I use for every online account that I own, I mean even I, the creator, can barely remember them all! I was told that I would not be responsible for any of the charges (awesome!) and that I would be sent a new card immediately. But, I still can’t help feeling used and abused and somewhat, dare I say it, stupid, because I am always preaching to people about being safe online, I mean I just posted an article yesterday about phishing scams.

So, what can you do to (try to) avoid being the victim of online theft?

1. Make sure your web browsers and operating system software are always up-to-date! Security flaws are often found and reported, but can only be fixed on an individual level if you upgrade your software every time it is recommended. (This is probably why my issue occurred, pure laziness. I will really have to restart my computer, oh NO!)

2. Every time you purchase something online, make sure that the connection is secure.  Check the top right of your web browser in Safari, or to the right of the address bar if you are using Internet Explorer, and verify that there is a lock symbol.  Also, make sure that the web address is a secure one by checking to be sure that there is an S after http. https://www.amazon.com/checkout.  This will encrypt any personal information that you enter on that page.

3. Only buy from authorized/legitimate looking online retailers.  Because, let’s face it, if it looks like a (fake) duck, walks like a (fake) duck, and quacks like a (fake) duck, then it is probably a (FAKE) duck.  Check to see if the retailer has the VeriSign Secured Seal VeriSign Secured Shield prominently displayed.  Retailers are often proud that their site is secure, and aren’t afraid to let you know.

Just remember, if it can happen to me, it can surely happen to you. Be sure to monitor your own accounts and call your card companies about any unusual charges that you don’t remember doing. Unfortunately, the $300 charge that posted to your account at exactly 3am on Saturday night when you were drunk and decided that it was a good idea to buy the entire bar a round of shots does NOT count as unusual activity. Sorry…

Has your credit card/bank information ever been stolen or do you know more ways to protect yourself online that I missed? Share your comments below!

Go Phish! Top Tips on Protecting Yourself From Phishing

Phishing scams are everywhere and are growing at an astounding pace. According to Webopedia.com the definition of phishing is “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.”

The most common form of phishing is an email that requests for you to verify, update or confirm something for an account. Oftentimes, the email is accompanied by an official logo of a company with all links contained in the email looking like they are from the official company.

The email will request for information like your login name, password or even your social security number.  Emails with such requests should never be taken seriously, companies and financial institutions would never request such information via email.

So, how do you distinguish an email from an illegitimate source from an email from a verified, official source?

1.Let’s face it, sometimes scammers aren’t the “brightest crayons in the box,” therefore spelling and grammar errors often occur in phishing emails.

2. If an email asks for usernames, passwords or other sensitive information, chances are, the email is phishing.  Companies will never ask for sensitive information like this via email.

3. Check the links in the email. Scroll your mouse pointer of the links in the emails, but be careful not to click them.  Notice in the bottom gray bar of your browser that it will have a link.  This link is where the link will actually go to.  Just because the link says www.ourcompany.com does NOT mean it will be directed there.  You can also do the same thing for images that act like links, again, just be careful not to click on the before you know if the email is phishing or not. No matter how legit links look, ALWAYS type the link directly into your web browser.

4. After typing the link into your browser, if the page that requests for you to log in or enter other sensitive information, be sure that the page is a secure page.  You can verify this by confirming that the address in the address bar has an https, not just http.

In the unfortunate case that you happen to fall victim to a phishing scam and have given away your sensitive information, notify the companies that you have the accounts with ASAP. Also, even if you do not fall victim to a phishing email, contact the company immediately and let them know that you have received a fraudulent email.  Many companies have areas on their website where you can submit the claim to, or an email address that you can forward the email to.

No-IP Managed Mail offers superb protection against spam and phishing attempts with our acclaimed spam engine and extensive RBL lists. We even have our No-IP Anti-SPAM ECR which takes your spam protection one step further by requiring unauthorized senders of email to respond to an authorization email.

Questions or comments about phishing? Leave them below!