Gone Phishing? Watch Out For Dangerous Waters.
- by Michael Stillman
Older style PayPal scam (left) with more sophisticated, believable (but equally fraudulent) appeal (right).
This shortly spread to banks and other institutions. The next one I got appeared to come from Washington Mutual Bank, and it almost had me fooled. I have an account with Washington Mutual, though they have no offices near my home. It's an old IRA account left over from a different time. How on earth would some scammer know I had an account with Washington Mutual? The answer would come in the days ahead, when I got such warnings from Citibank and others where I hold no accounts. They didn't know I had an account at Washington Mutual. They simply send these emails out to millions of people, hoping that those who do have an account with Washington Mutual will fall for the trap. That's why I next received dire warnings from Citibank and others where I hold no accounts.
In the days since these first appeared, they have become more sophisticated. Most of these emails now have the appropriate corporate logos and fine print about opting out of emailings that real messages must contain. They appear to have come from the corporation's email server, and have links to provide your data that appear to go to their website. Few now contain the broken English of the early ones, endearing in the Nigerian emails, but not believable when coming from Citibank, that indicate the message really came from some foreign land. What is really galling is that most now tell you they need your data to protect you from online theft. Someone in Moscow or wherever must be enjoying a good laugh at the irony every time some poor sucker sends out their credit card information, thinking they are "protecting" it this way.
A more recent scam to steal your identity is the one that tells you your package is about to be shipped, and your credit card will be billed some substantial charge, like $250, when it is. If you didn't order anything, don't respond. They aren't really shipping something by mistake. They are just hoping you will make a mistake by responding.
How do you protect yourself from these attempts at identity theft? The one-word answer is "delete." It may not be easy. They seem so real, so believable, so... No! Stop right now. Hit "delete." No company in its right mind will ask you to send such data in response to an unsolicited email any more. If your bank does, you need to get a new bank. Not even a bank in Nigeria would make such a request today.