Bank Deal: Earn 1.00% APY on an FDIC-insured savings account at Barclays.
While at lunch today, I received an e-mail that was purportedly from Chase — but it wasn’t. This isn’t a particularly noteworthy occurrence in that I (like most of you) receive credit card phishing attempts all the time. But this one slipped through the spam filters and it looked quite real.
The message state that our account had been temporarily limited — a standard thing in fraud prevention — and that I needed to login to confirm my account details. It looked real enough (on my phone, anyway) that I called my wife to see if she had used the card for anything out of the ordinary. She hadn’t.
Once I got back to work, I opened the message on my desktop and saw right away that it was a fake. For starters, the “from” address (not just the name) is plainly visible without drilling down on the desktop version of Gmail but not on the mobile interface. I was also able to hover over the link and see that it pointed to a website other than Chase.com.
But even if I hadn’t noticed it was a fake, I would’ve been fine. Why? Because I never (ever!) click links that in e-mails. Instead, I go to my browser and type it in directly (or visit from a bookmark). Or I call. Either way, I know where I’m going and who I’m talking to.
Had I clicked the link, I likely would’ve been presented with a real looking login screen and I may have punched in my account details, thereby handing the scammers the keys to the proverbial kingdom.
So what can you do to protect yourself? For starters, never (ever!) click links in e-mails, no matter how real they look. Also pay attention to whether or not the e-mail contains any personally identifying information. Did they include a part of your account number? If not, be very suspicious. But even if they did, you’re not necessarily safe.
What about the from address? If the originating e-mail address doesn’t match the supposed sender, beware. But even if it does match, you’re not necessarily in the clear.
What about the links? In most cases you can hover over them and your browser or e-mail client will show you the underlying address. If it’s not familiar, steer clear. But once again, even if it looks vaguely familiar, it might not be legit. For example, something like chase.myawesomecard.com doesn’t point to Chase. It points to a subdomain at mysawesomecard.com — which I just made up, but could very well belong to a scammer.
Another thing to look at (in Gmail, at least) is whether or not the images in the message are loading. While you can click a link to tell Gmail to always load images from a certain sender, phishing messages typically come from domains from which you haven’t previously received e-mail so the images won’t automatically load.
But really, the best defense is to either call the number on the back of your card or go to your web browser and punch in the address directly. Like I said above, if you do this you’ll know exactly who you’re dealing with.
- How to Become a Millionaire
- How to Get Out of Debt
- The Best Dollars I've Ever Spent
- How Our Estate Plan is Structured
- How We Paid Our Mortgage In Less than 10 Years
- Money Making Ideas
- How to Manage Your Asset Allocation with Multiple Accounts
- Consumption Smoothing - Save While the Saving's Good
- How to Save on Groceries
- How Much Life Insurance Do You Need?
- Eleven Great Books About Money
- Dave Ramsey is Bad at Math (693)
- Dish Network Customer Service SUCKS (537)
- $8,000 Homebuyer Tax Credit (429)
- Pay Off Mortgage Early or Invest? (424)
- How to Claim the First-Time Homebuyer Tax Credit (352)
- Termite Control: Sentricon vs. Termidor (330)
- How Much Should You Pay a Babysitter? (291)
- Ethanol Blended Gas = Lower Mileage? (273)
- Reduced Credit Limits? Share Your Experience (256)
- $15,000 Homebuyer Tax Credit (242)
- Buying Furniture off the Back of a Truck (237)
- Will Mac OS X Lion Kill Quicken 2007? (191)