The goals are usually the same: Use a person, agency or business’ good name to trick people into parting with their personal information or lure them into clicking on a document or link that will infect their computer with viruses or malware. This is also known as “phishing.”
Here are some clues you’ve received a spoof e-mail:
• It asks you to provide log-in information like your user name or password.
• It contains an attachment or includes a claim a virus is found.
• It appears to be a reply from someone you’ve never contacted.
• It includes an error message from a system administrator that includes an attachment for you to view or a URL to click.
• The message includes a lot of obvious spelling or grammatical errors.
Sometimes these messages look very professional. Scammers work hard to replicate messages from legitimate sources like government agencies or banks. They’ll include a link with text that says, for example, Attorney General’s Office but the hyperlink itself goes somewhere else. You can check whether a link is for real by hovering over the text and reading the link that pops up—but be careful not to click on the link while hovering or you could end up on the scammers site!
OnGuardOnline.gov, the federal government’s Internet safety Web site, offers the following tips:
• Use trusted security software and schedule regular, automatic updates.
• Never e-mail personal or financial information.
• Only provide personal or financial information through an organization’s Web site if you typed in the address yourself and you know the site is secure, including a web address that starts with “https” –rather than just “http.”
• Review credit card and bank statements as soon as you receive them— and if you notice you’re not receiving your statements as expected, check with your bank or card company right away.
Finally, be very careful about opening attachments or downloading files from e-mails—no matter who sent them. No one is safe from spoofers!