What is Phishing?

Phishing is when someone sends you a fraudulent email stating that your bank, credit card or email account has unauthorized activity. The email tells you that you need to log in and review the unauthorized transaction or account error, or update your personal information. The email then directs you to a fraudulent website that looks exactly like your bank's or email provider's website but is actually designed to steal your username and password. The website tells you that you need to sign in to your account, and when you enter your account information the criminals have it. Once criminals have your username and password they can transfer money, withdraw funds, send spam or do whatever they want from your account. Criminals will also use this information to steal your identity or commit fraud under your name. Internet Safety Center received a phishing email that we are going to share with you. We are also going to lay out simple rules for you to follow so you don’t get fooled by phishing emails and become the next victim.

*According to Consumer Reports Magazine, in December 2008 there were almost 35,000 phishing attacks. Phishing attacks have cost consumers almost $500 million.

Here is the email we received

 

The email has the Bank of America name and logo on it, but Bank of America had nothing to do with this email. This was an email sent to Internet Safety Center. Bank of America isn’t responsible for the content of the email in any way.

Here is the email I received saying my account has had several failed login attempts. You can see that it looks official and very well done with the Bank of America logo and statements saying Bank of America.

account notification

Rule - 1: Never Click on Links inside Emails from Banks, Credit Card Companies or any Financial Institution.

I know that it is really easy to click on the link embedded in the email that supposedly takes you directly to the website. In this instance the link takes us to a fraudulent website designed to steal our username and password. To prevent yourself from becoming a victim, follow this one simple rule: never click on links inside emails from banks, credit card companies or financial institutions.

Rule - 2: Never Click on Links inside Emails from Banks, Credit Card Companies or any Financial Institution.

Sorry to repeat rule #1 but it is critical that you understand that you should never click on links inside emails from banks or credit card companies.

 

If you want to verify the alert, open up your web browser (Internet Explorer, Firefox, Opera, etc.) and manually type in the website address of the financial institution or site the email was supposedly sent from. If you are unsure of the exact website address, go to Google, MSN or Yahoo and do a search on the name of the institution. Then click on the link from the search results.

How to Determine the Email is Fraudulent

Step - 1: Look for the email address the message came from.

You will see the email came from xgpxpr@accounts.net. If the email came from Bank of America then why would the email address say accounts.net and not Bank of America? This tells you right away it is a fraudulent email.

Step 1

Step - 2: Look at the Web Address of the Link.

Put your mouse directly over the link, but don’t click on it. You will see the website address the link is associated with. If you are using Outlook, a pop-up box will appear displaying the web address. You can see in this example that the web address is: http://h81.176.141.67.static.ip.windstream.net/zz.html. If the email is coming from Bank of America then why isn’t it taking me to the Bank of America site? Again, this tells you it is a fraudulent email.

Step 2

Step - 3: If you click on the link inside the email it will take you to a fraudulent website designed to look exactly like the website of your financial institution.

You can see in this example that the website you are looking at looks like the Bank of America site, but it is a fake site. The link directs you to http://216.1167.145.41/bofa. This is clear evidence that it is a fake email, because it doesn’t direct you to www.bankofamerica.com. If you were to enter your username and password then the criminals would have this information.

Step 3
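The checks in Step 1 and Step 2 can also be run automatically against a saved message. The Python below is an added example, not part of the original article: the function names are hypothetical and the sample message is constructed, using the sender address and link target quoted above.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: the sender address and link target are the ones
# quoted in the article; the display name, headers and body text are made up.
SAMPLE = """\
From: Bank of America <xgpxpr@accounts.net>
Content-Type: text/html

<a href="http://h81.176.141.67.static.ip.windstream.net/zz.html">Sign in</a>
"""

class LinkCollector(HTMLParser):
    """Collects each link's real target (href), not its visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def belongs_to(host, expected):
    """True only for the expected domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_email(raw, expected):
    """Return the reasons a message fails Step 1 (sender) or Step 2 (links)."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender_domain, expected):
        findings.append(f"sender domain {sender_domain!r} is not {expected}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:  # not an IP literal, so compare the domain
            if not belongs_to(host, expected):
                findings.append(f"link host {host!r} is not {expected}")
        else:
            findings.append(f"link goes to a bare IP address: {host}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE, "bankofamerica.com")))
```

The domain comparison matches on the end of the host name with a leading dot, so a look-alike host that merely contains the bank's name somewhere in it is still flagged.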

Conclusion:

Phishing or fake emails are growing at astonishing rates all across the internet. Criminals are sending these fake emails in mass quantities to steal your username, password, and identity. Criminals use this information to transfer your money from your accounts or use your identity to open credit cards or get bank loans. Don’t let yourself be a victim of this scam, and follow Internet Safety Center’s one golden rule: Never Click on Links inside Emails.