"We are updating our records. We need you to login to your account immediately to update your personal information." "If you do not log into your PayPal account and update your information, your PayPal account will be deleted."
Have you received emails like this? How do you know it's really from PayPal, or your bank? Chances are you are being scammed. It’s called “phishing”--Internet scammers sending messages claiming to be from your Internet service provider (ISP), bank, online payment service, or even government agency. They may ask you to "update", "validate", or "confirm" personal info (credit card & bank accounts, Social Security number, passwords, etc.). These messages might direct you to a website that looks like your bank or ISP or even PayPal.com. But it isn’t. It’s a plan to trick you and steal your identity, in turn running up bills or committing crimes in your name.
How to tell if what you are reading is a phishing scam and what to do next:
Do not reply to any messages asking for personal information. A legitimate bank or other institution will not ask you for this information via email. Do they address you by name? If they just address you as 'Member' or 'Customer', it's likely not your bank. PayPal always addresses its members by name, also, they never will address you as 'PayPal User' or 'PayPal Member'. Lots of recent phishers do the latter because they do not know you.
If you are unsure of the web address they provide, open a new Internet browser session and type in the company’s correct Web address yourself to check for a match. Don’t click on the link in the message! Don’t cut and paste the link from the message into your Internet browser, either — phishers can make links look like they go to one site, and then re-direct you to a different site.
Some of these emails contain software or files that can harm your computer or track your activities without your knowledge. Regularly updated anti-virus software and a firewall help protect you. It’s especially important to run a firewall if you have a broadband connection.
Email is NOT a secure method of transmitting personal info, and you should never use it as such. Contrary to what experts have said in the past about secure web practices, indicators such as a padlock icon on the browser, or a URL for a website that begins "https://" (the "s" stands for "secure") are not foolproof. Clever phishers can easily fake such measures. Check certificates by double clicking on the padlock icon, then check if the "Common Name" field matches the name of the organization's website. If you are not sure that they are who they say they are, contact your bank (or whoever it is the fraudster is pretending to be) by phone, and ask how to forward any suspicious emails to an email address they provide to you. You can also forward spam that is phishing to spam@uce.gov. For messages that you think might be PayPal scams, send them to spoof@paypal.com.
If you believe you’ve been scammed, or you HAVE responded to such messages by clicking on a link in an email and/or logged in using your personal user information, here's what you can do immediately to hopefully safeguard from anything horrendous happening:
Call your credit card issuers and banks and immediately ask them to place a fraud alert on your account. Inform them of exactly what transactions you last made on your account so that they can identify any others as being fraudulent.
Call the 3 main credit bureaus, and ask to have a fraud alert placed on your report. They will in turn report this to the others, but it wouldn't hurt to contact all three. Call your bank and do the same. Inform them of your last transactions. You should also file a complaint at ftc.gov.
Review credit card and bank statements as soon as you get them, to check for unauthorized charges. If you find any, dispute them immediately in a typed or handwritten letter mailed through the U.S. Postal Service, don't call or email your dispute. If your financial statements are late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
Be cautious about opening any attachments or files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security. Make sure your anti-virus software is up to date, and if it's not or it's expired, get rid of it and get a new one. There are several free anti-virus software programs available for download online that work just as well or even better than the 'pay for updates' counterparts do.
All the above precautions taken can greatly lesson your risks of identity theft and virus attacks on your computer.
More resources:
FTC’s Identity Theft website: www.consumer.gov/idtheft
PayPal: www.PayPal.com
Internet Fraud Complaint Center (IFCC): www.ifccfbi.gov
Credit Bureau Fraud Alert phone numbers/websites:
Experian: 1-888-397-3742 www.experian.com
TransUnion: 1-800-680-7289 www.transunion.com
Equifax: 1-888-766-0008 www.equifax.com
(Note: all the numbers above are the Fraud Alert hotlines for each bureau - you'll want to go to their site to get a general information number)
Bobbi Jo Woods is a full time web designer & computer guru. For more articles like this and to see her work, you can visit www.bwoodsdesign.com.
Bobbi Jo Woods, CEO/Fanatic
B. Woods Design - Steering Professional Managed Websites for Business
© Bobbi Jo Woods - B. Woods Design
