Fraudulent emails are a concern of anyone who has an email account. Scammers use these emails to attempt to obtain personal information such as Social Security, credit card or bank account numbers from their targets. If you hand over the information, you are subject to not only misuse of any current financial accounts you have, but also possible opening of new accounts in your name by the scammer.
Email scammers, also known as “phishers” because they “fish” for information in their emails, may obtain your email address in a number of ways. They may frequent message boards looking for people who have left their emails for contact by other members, from simply guessing and sending emails to random addresses or by compromising (“hacking”) email lists of companies.
Some Internet users try to take steps to stop phishing emails before they ever get them. They may choose to never leave their email address on open forums, or to spell the address out if they do. Spelling out your email address means writing it completely out in words, as in “Name at ISPname dot com” rather than “Name@ISPname.com“. However, this does not actually work, as phishers are well aware of this trick and can program their harvesting software to look for email addresses formatted in this fashion.
Phishers who randomly guess at email addresses will nearly always be able to contact you. Choosing an email address with an odd mixture of characters may lessen your likelihood of receiving scam emails in this fashion. But you may also make your email address more difficult for personal or business contacts to remember or type correctly, which may make you miss receiving important messages.
Hackers are another threat that can lead to phishing emails, and can be one that is totally out of your control. One of the biggest breaches of email list security came in March 2011, when Epsilon’s data was compromised. Epsilon handles email lists for 2500 major companies, including Kroger, Home Shopping Network and Walgreen’s. These companies immediately sent out emails advising customers of the breach and assuring them that only their names and email addresses were accessed-no other personal data was breached. I have done business with some of these companies myself and received one email from each of them.
You may rely on your ISP’s spam filters to catch phishing attempts, but invariably at least some of these fraudulent emails will get through. Therefore, the primary emphasis should be not on avoiding phishing emails, but rather on how to recognize and handle them when they appear in your inbox.
Click the links below for parts two and three of this series!