|
Don't Get Hooked!
It is officially phishing season now. Unfortunately, it's always phishing season on the internet. As most everyone knows by now, "phishing"is the name for an internet scam where thieves contact you (usually via email) and pretend to be some business or government entity, or diplomat, in an attempt to gain your confidence and after doing so, use this trust to separate you from your money.
Most of us are on to the shady solicitations from Nigeria proposing that you have come into a mega fortune from a huge estate settlement, or lottery, that only requires you to wire money over to this "trustee" who will then transfer millions of dollars to your account. But this practice has so many different forms and disguises and has become so much more sophisticated now, to the point where it is dangerous to share any financial or personal information with businesses or institutions that we have trusted for years. The frightening fact behind this is that the thieves have perfected the art of impersonating these well known entities that we deal with every day.
Of course the solicitation always arrives on the official (fake) letterhead or webpage of one of these familiar agencies or businesses. Most people let their guards down immediately when they see the trusted logo of an institution, business, or agency that they have known for years.
Names that are frequently used as fronts for these scams include EBay, PayPal, Google, Citicorp, American Express, any of the major banks or credit card companies, charities, and government agencies. Posing as one of these non threatening entities, they may ask for your Social Security number, user names, passwords, bank account numbers, PINs, security codes, and the list goes on; all in an attempt to gain access to your bank accounts or credit card accounts in order to steal your money.
A couple of days ago, my friend Ed Kiley at The Perennial Farm, sent an alert for a new scam currently being passed around the green industry by some crooks purporting themselves to be the USDA! They are merely asking you to provide them with a release to your financial information so that you may "be eligible for procurements with the U. S. Dept of Agriculture". There would be some procuring I'm sure, but not the kind that you'd really want!
Some common phishing scams include:
Notification that you just won the lottery in some foreign country and asking you to wire $3,000 to help facilitate the transfer of funds, OR a request that you provide your bank account information so they can begin the transfer.
Notification that you have just been awarded several million dollars from the estate of a long lost relative in a foreign country. And of course this also necessitates either access to your private bank account info OR that you send a good faith $2,500 deposit to cover legal fees, etc.
The "Fraud Alert" that suspicious activity has been detected in your bank or credit card account. In order to verify that it is Your account, a phisher, posing possibly as Wells Fargo or Visa, requires you to provide them with all the account information in the process of investigating this alleged fraudulent activity. This has to be the ultimate con, using a fake security breach to frighten you into a hasty action that will enable them to make a Real Security Breach which they will then use to raid your account!
Another twist on the same scheme is to simply receive a request to verify your account information. How harmful could that be, coming from a business you've had an account with for years. Unfortunately, it could be very harmful, because in this climate you have about a 50% chance that this was sent to you by a phisher cleverly disguised and hiding behind that logo of this trusted company.
The friend in need scam, where you receive an email supposedly from a friend or relative who is stranded out of state or out of country, and needs you to immediately wire them $1,500 to help them get out of jail or get home.
The fake certified check scam: you sell something to someone online through EBay or Craig's List, and the buyer wants to send you a (fake) certified check which just happens to be made out in an amount greater than the selling price. You merely are requested to remit the difference to the buyer.
This happened to the son of a friend of mine who was selling a horse on Craig's List. The buyer wanted to send a certified check for $6,000 for a $2,000 horse (with the $4,000 overage being sent back to the buyer). My friend, who is a lawyer, went to our local Sheriff to ask if he wanted to pursue the criminal, and the request was respectfully declined because the authorities already have more than they can handle with their limited staffs and resources.
I saw a clip on TV recently reporting that many police departments have now created a special division which does nothing but monitor Craig's List for tracking down stolen merchandise. This has become so widespread that this popular site has virtually been turned into an online fencing operation for criminals. Just another of the many facets of phishing. For more examples click here.
And then there is the situation that I just encountered a couple of days ago. In shopping online for a used Polaris Ranger (which we use to pull our plant trailers at the nursery), I thought I'd found a pretty good deal on a demo located at a dealership in Atlanta that was priced about 30% below the price of a new one. But I decided to shop just a bit more to see what else was out there before I made the deal.
And what a shrewd move that was! It didn't take long to find another ad for a similar model for Less Than Half The Price of the demo! Well, it sounded good for a while. Then it went from good to too good to be true. That's when my antennae went up.
There was no phone number, so I had to communicate with the seller via email only. I received a quick response, telling me that the price Included Delivery (even though the seller didn't even know where I was located at this point), and that I would not have to pay until Five Days after delivery, to give me the opportunity to check it out, AND that the transaction would be run through EBay Motors for our mutual protection. What's not to like about that! The seller also purported to be an Army officer. Using a well known company plus using the Army officer guise are common ploys to disarm the buyer (or more appropriately in this case, the "mark").
So I warily replied to the offer, restating everything that was promised, for the record, and then instructed the seller to proceed with the deal. At this point I had figured that my odds of this deal being legitimate were getting slimmer and slimmer. But I couldn't resist moving forward just to see how far this thief would go before bailing out.
My next email a couple of hours later came from the seller, asking if I had sent the money yet! But wait, I thought I didn't have to pay until I had received the Polaris and had five days to check it out. Another clue. These thieves are so greedy, at some point they just can't hide it. They are literally salivating for you to get sucked in.
Shortly after that, I received an "official" looking email from EBay Motors with explicit instructions on how to consummate the deal. The last item on the check list was to wire the funds via Western Union to the "EBay agent", a Mr. John Hincks, in Boston. Let's see, first the ad purports that the Polaris is in Ohio, then I am told the "Army Officer" is in New Jersey, and now the EBay agent is some turkey in Boston. Hmm, I don't think so.
I will have to admit, the EBay Knock off email they sent was really good. Please click above and check it out. You look at this and think, how could this not be authentic. But looking a little closer, I found grammatical errors (which you will not find on the real deal) and misspellings. Just two more very obvious Red Flags. Other than a couple of those, it was scary good.
They even had a live online help desk. I could not resist logging in there just to see if there was a real crook on the other end. Sure enough there was. I got the same standardized answer to any question I asked: "everything is fine, you have nothing to be concerned about, just continue with this transaction and send the money". To think they even covered their bases to this degree though is amazing. What if these same people just used their creativity and efforts in an honest way. They certainly would not have to work any harder than this.
And just for the record, I did contact the REAL EBay and reported the incident to them and sent all email correspondence to their fraud division for further investigation. They replied with an email that outlined red flags to look for in these situations.
So the next time you are approached on the internet with a security breach alert, or a request for personal financial information of any kind, or for a transfer of funds for any reason, do not trust that the sender is authentic just because the web page says EBay, or Bank of America, or any other business or agency that you are familiar with. Always remember there is an extremely high probability that a predator is lurking on the other side of that email phishing for the next sucker.
Don't let it be you.
For more information on Phishing, click here.
| 
