What is email identity theft? It is the stealing of personal data through the use of scam emails that lead to bogus websites that look like the real thing. Other names for this type of activity are phishing and spoofing.
Email identity theft or phishing (pronounced "fishing") is one of the biggest problems on the internet today, and has lead countless numbers of people to giving their personal information away to someone with malicious intentions. According to the FBI’s Internet Crime Complaint Center, individuals and businesses have lost more than $3.5 billion through various internet scams.
Here is how an email scam usually works. A spoofed email is one which appears to be sent from a reputable business, government agency, or person you know, when in fact it has originated from an entirely different source. This is done to trick you into believing that it is a legitimate email from a trusted sender.
These emails appear to come from companies that you generally do business with, such as your bank, a social networking site, online store, or PayPal. These official looking emails usually request your immediate attention, urging you to login to the main site to verify or update your account information. You may also receiving an email with an order and shipping confirmation (which you know nothing about). Theses types of emails will contain a link for you to carry out the requested action. When you click on the link, it will take you to a site that looks exactly like the official website. Unfortunately, it's a bogus site set up to steal your information.
Skilled hackers build duplicates of popular web sites in order to trick you into logging in. Once they have your password, they can log into your real account and steal your identity or your money. For example, the most popular email identity theft scam involves duplicating PayPal.
Some scammers even send you to the actual website when you click on the email link. Their link code is capable of launching a pop-up window which will harvest your account information. Once they have your account and logon information, hackers can empty your account or conduct more complex scams hiding behind your identity.
In order to avoid being a victim of email identity theft, you should learn about how URLs work. Links that are contained in emails are hyperlinked to website URLs. Phishing emails will show what looks like the official URL, so you should always mouse-over the link. By putting your mouse over a link, it will display the actual URL of the link at the bottom of your browser.
On some phishing emails, the moused-over link is obviously not even close to the original site. On others, it's not so obvious that it's a bogus site. Say that the URL of the official website is YourBank.com. You should check the URL at the bottom of your browser and make sure that it says https://www.YourBank.com followed by a forward slash, followed by whatever information the site requires. If it says something like YourBank.comiaj3k1.org, you can see that it is a false URL that would take you to the comiaj3k1.org website and not your bank. There are also fake sites where the URL has a couple of the letters switched, so pay attention to the spelling in the URL.
If you really think the email has come from a legitimate site but are worried about clicking the link, you should go to the official website by opening a new browser and typing in the official website address. As an extra precaution, look for the lock symbol in the address bar of your browser and the "https" at the beginning of the website address. From there, you can log into your account and see if there are any updates that are needed.
Another way you might be tricked is when you receive an email from someone you actually know, asking you to click on a link in the email. If it seems unusual, it might be because their email account was hacked. In these types of situations, it's always better to call your friend or family member to see if they actually sent the email.
In addition to this basic knowledge of URLs, you can also install some sort of software that will keep an eye out for you. Modern browsers such as Firefox and Chrome have built-in phishing protection. These programs run off of a list of reported websites. They also have filters that will look for certain characteristics of the URL and alert you if it appears suspicious.
Many email and anti-virus programs also offer filtering services that will detect scam emails and put them in a special folder. It's a good idea to see if the program you use offers this capability. If it does, you should be using it.
Here are some do's and don'ts to help you avoid becoming a victim of a phishing scam:
If you received a questionable email that appears to be from a company you do business with, go to the actual website and use their contact form to report the phishing email and any relevant information. Some commonly targeted companies even have a link where you can report these email identity theft attempts. You can also report phishing email messages by forwarding it to firstname.lastname@example.org
If you have already disclosed sensitive personal information through a phishing attack, you should contact one of the three main credit bureaus to place a fraud alert on your account. The credit bureau you contact will notify the other two credit bureaus of the fraud alert. Having a fraud alert in place will make it harder for identity thieves to open accounts and loans using your information. You'll also need to notify your financial institution if your account information has been compromised.
The modern internet has brought us many conveniences, from social media to buying groceries online. But as with anything, some people will try to take unfair advantage of the situation. So while you are enjoying the benefits of technology, you should also keep on the lookout for attempts to steal your personal information. If you get involved in a internet identity theft scam, it can be a real pain to get sorted out.
For more tips on how to prevent identity theft, check out the following articles: