Half of all internet users get at least one phishing email per day. For those of us who are active with email and social media, that number goes up considerably. Phishing emails are designed to get you to provide personal information such as your bank account number, routing number, social security number, birth date, etc (see the AOL email fraud example below). The information obtained is used to secure a credit card in your name, or draft a payment from your checking account.
How to Spot Fraudulent Emails
Although identity thieves are constantly changing their approach, many phishing scams have similar characteristics. Being familiar with these will help you determine whether an email is fraudulent or not.
Look for Spelling and Grammar Errors – Most companies that send official email take the time to proofread and double-check that their emails are free of spelling and grammatical mistakes. It’s good business practice and it’s a sign that you’re reading a message from a legitimate company. If you receive a message that is filled with errors, it is more than likely a scam.
Use of ALL CAPS – Phishing attempts often try to create a sense of urgency to get you to take action immediately. Look for statements like, “YOU MUST CHANGE YOUR PASSWORD NOW”. It is important to note that most legitimate companies don’t use email as their first method of contact for urgent matters.
A Fake Display Name – Most phishing emails will try to fake the “From” name to get you to believe it is from a legitimate person or business. This is called “spoofing”.
Phishing Email Example
Below is an example of the fraudulent AOL email scam:
We use this medium to notify you that your AOL account has generated some errors on our MySQL Database and you are required to follow all instructions given to you in order to correct this problem.
During our regular account verification procedure, we encountered a technical problem and we could not verify your information which we have on file. Your account data could not be recovered due to system errors resulting from Windows update. As a result of this, your information which we have on file is incomplete and your account functions are abnormal.
In respect to the above, you are urgently required to re-submit your information via our servers so that we can fully verify your AOL account; otherwise, your access to AOL services will be deactivated until you pass the verification procedure.
We strongly require that you click here to verify your AOL account!
Note that failure to verify your account immediately will lead to permanent deactivation of your AOL account..
We are very sorry for the inconveniences this might have caused you and we assure you that everything will return to normal as soon as you have done the needful.
AOL Technical Team
2011 AOL LLC. All Rights Reserved.
What to Do if You Receive the Email
If you receive this or any other fraudulent email, please do the following:
- Don’t click on any links in the email
- Don’t reply to the email
- Mark the email message as spam
- If you are unsure of an email’s authenticity, forward the email to your email provider’s abuse contact. For example, AOL’s abuse email is email@example.com.
How to Tell if AOL Mail is Official
When AOL sends an important email to its users, they mark each message with a small blue AOL icon. The blue icon is located between the sender and the subject line. Below is what the blue icon looks like:
Also, when you open an Official AOL email message, you’ll see the “Official Mail” banner at the top.
If you get a message that seems like it’s from AOL, but it doesn’t have those 2 indicators, it’s a fake email.
Smishing Identity Theft for Cell Phones
Chances are, you have security software installed on your computer to protect your email against “phishing”— fraudulent messages that attempt to get you to reveal sensitive information such as account numbers and passwords. Unfortunately, these same types of scams come directly to your phone via a text message. “Smishing” is phishing that’s conducted over short message service (SMS), more commonly known as text messaging.
The Pew Internet and American Life Project found that on average, mobile phone users send and receive approximately 40 text messages a day. At some point, you’re likely to encounter these fraudulent text messages and the scam of identity theft smishing. If your smartphone isn’t secure, your personal information could be vulnerable to Smishing Identity theft.
Common Smishing Identity Theft Schemes
Common smishing fraudulent text messages (also referred to as SMS – short message service) often appear to require immediate attention.
The fraudulent messages may take a format such as:
- For example, a fraudulent text message “from your bank,” telling you your account has been shut down and asking you to call a number to reactivate the account
- In another case, a text message that says you have been registered for a service and will be charged unless you take some form of action, such as visiting a website
- A confirmation of a purchase that directs you to call a number if the confirmation is inaccurate
If you take the actions prompted by the fraudulent text messages, you may be sending your personal information directly to a scammer. Some spy programs will spread malware or a virus on your mobile phone or computer. And others may give the scammers the means to eavesdrop on your phone calls.
How to Protect Yourself from Smishing Identity Theft
If you get a text that’s unsolicited or from an unidentifiable source, protect yourself with these tips:
- If the text message appears to be from a legitimate source, contact that source’s actual phone number—not the phone number provided in the text—and verify that it is legitimate. In most cases, legitimate businesses, such as banks, do not send text messaging that elicits a response.
- Delete any text message from unknown sources without reading
- Do not click on links or download software apps from an unverified source
- Never provide sensitive information to an unverified source
- Avoid any text message that appears to come from the number 5000. This may be an identity that hides a scammer’s real phone number. The message may be masked using a technique called SMS spoofing (described below).
- Add security software to your mobile phone
- Look into setting up a “text alias.” This cell phone feature hides your actual phone number from the smishing sender
- Contact your cell phone service provider and report the text messaging you received
Short Message Service (SMS)
Most people know it simply as text messaging, but the technical term is SMS (Short Message Service). SMS is a service for sending short messages of up to 160 characters (224 characters if using a 5-bit mode) to mobile devices.
SMS Spoofing is a new technology that uses the short message service (SMS) to set who the messages appear to come from by replacing the originating mobile phone number with alphanumeric text. In truth, the process of conducting SMS spoofing has a legitimate purpose, but can also be used to impersonate another person, company or product. SMS spoofing is a common technique that scammers love to use, both to steal your information, but also to annoy you.
File a Complaint
To learn more or to file a complaint, contact the Federal Trade Commission identity theft website.
Questions and More Information
If you have any questions, please post a comment below. If you would like to learn about other types of fraud, go to Fraud, Scams & Schemes.