Ever gone Phishing? I hope not. Phishing is an Internet scam that works this way: The scam artist copies a real website's design including graphics, text, and all. it could look just like E-Bay, CitiBank, or any such website. An E-mail is then sent to tens of thousands of recipients using E-Mail lists garnered from the Internet. The message is designed to look like it comes from the financial institution. The message will say something like:

      Your bank account records were accessed by an unauthorized person. Even though none of your funds were compromised, we have frozen your account for your protection. To reinstate you account, please log on to [weblink here] using your old user name and password. We recommend that you change the user name and password for your protection.

      So you click on the link in the E-Mail message and do what it says, right? I hope not. Why? Because the link in the E-Mail goes to the fake page and you then end up (unknowingly) giving your information to a scam artist who accesses your account and transfers the funds to his account before you know what happened. These scams usually only stay online for a matter of minutes because that is all it takes for them to get two or three "Phish," make some money, and shut down operations at that web address. A few minutes work on their part could net thousands of dollars. They normally operate from locations outside the United States making it difficult, or sometimes impossible to bring them to justice.

      Let's take a look at a few scams and learn how to recognize them:

      This particular scam had all the fancy E-Bay logos and headings and said that their was a problem and that your account may have been entered without your permission (or something like that). The message said "click here" and verify your credit card number, password and account name to stay active. This same exact scam has been going on for years using bank accounts and other websites. The problem is that the "Click here" part did not take you to eBay but to another website that LOOKED like eBay, and acted like eBay, but it wasn't eBay. The fake site recorded your password and user name and credit card number. It's an easy scam to run for a short time, and all you need to do is get one or two people to fall for it to make a lot of money before they even realize it.

      Here's a good example of exactly that. I received an E-Mail that looked like this:

Please follow the link below:
https://www.paypal.com/cgi-bin/webscr?cmd=login-run
and update your account information now

      The problem is that, although the link looked like it would take me to PayPal, the message was in HTML format and the text was a hypertext link that went to:

      That is NOT PayPal. Their page is at:

http://www.paypal.com

...and once logged in you should be at:

https://www.paypal.com

Note the "s" in the http part. That means that you are on their secure server.

      Early last month I received an E-mail advertising a new anti-spam software application. I thought I would give it a try so that if it were any good I could review it for you. Here is a screen capture of the message I received:

      Getting rid of Spam is a good thing, so I was about to check the application out, but before I did I took a close look at that message. Three things made me raise an eyebrow. The first was that there was some odd text in the message. It was a bit hard to see, but for no reason I could deduce there were some words, in light gray, in the body that had no reason to be there. For example:

      These unneeded words appeared in seven different places in the letter. Next, I checked the links themselves. The link appears as:

      But the actual URL to which you would be directed was:

      I cut the entire address off in the above example, but it was followed by an incomprehensible string of no less than 67 letters and spaces that appeared random (but of course, were not).

      It doesn't take a rocket scientist to see that the URL contains the string "www.optinspecialists.info"

      Any time you see "optin" be wary. To "opt in" means to sign up for some sort of list. And that can often be a lot easier than getting you name off the list. Beyond that, it is clear that the address apparently has nothing to with any sort of Spam Remedy.

      I then noticed that the "To:" of the E-mail message showed that it was sent to:

      That is not me. Never has been me.

      So I went to my browser and typed "www.optinspecialists.info" directly in the URL address bar without all the "extra" stuff and found this:

      I don't see anti-spam. What I see Is Spam!

      The next page I visited was: http://www.optinspecialists.info/remedy/ where the link to download the software exists. There I found a page that looked quite familiar. It was amazingly like the C/Net download pages:

 

      Just a coincidence, you say? I think not.

      So, what is this software about anyway? I am not going to be the one to risk my computer or personal security to find out. It could be spyware- "watching" what you do on the computer and recording keystrokes, passwords, credit card numbers, websites visited, and the like. It could be a worm scam, where the software installs harmful code on your computer, and might even send your entire address book back to the website. It could even be Spamware that allows closes your anti-spam software and firewall and allow spam to get through to your computer. I don't know, and I don't care, but anyone who has to promote software this way doesn't deserve my business, nor my attention.

      So is it real software or is it something else? I'm just not brave enough to find out on my own!

      I did do a search all over the Internet (including C/Net's website) for "Spam Remedy Pro" and found nothing except pages of various complaints about Spam Remedy on message boards discussing system crashes and the like.

      Looks real enough, doesn't it? But wait- the actual URL address for Chase online banking is: http://www.chase.com which would seem logical enough. The above E-Mail message had a number of links in it that went to: http://email.chase.com/ followed by a string of 29 letters and numbers. Beyond that, previous messages from them did not contain any links it them- only URLs typed out in the body of the message, as in, "To log onto your account, go to http://www.chase.com..." etc.

      Since we have a Chase account it certainly would have been easy to fall for the scam. You would have to think, "Wait! Of course I want to continue to use the Chase online banking service!" Or, would you?

      I contacted the Chase online banking security folks and reported all of this and received the following personal E-Mail from them:

      Thank you for forwarding the email to me. The email you received was indeed sent by Chase. In light of your inquiry, I would be interested in knowing what piece(s) of the email made you question it's validity? This feedback will help us in designing future communications with our customers.

      Although this email was a legitimate Chase email, you did the right thing by checking it's validity before inputting your information. If you are ever concerned about the validity of an email or phone call, you should always do some research before giving out personal information. It is an important factor in preventing identity theft. If you would like to find out more information on how to prevent Identity Theft, you may download Chase's Identity Theft Kit for free at: www.chase.com/idkit

      The logical question at this point would be, "How can I know if an E-Mail is legitimate or not?" Many times, the simple answer is, "You can't!" Without knowing what to look for, and without having the motivation to look into it, and without learning a bit of HTML, most of the time you can't tell. I could forge virtually ANY website on the Internet, put the link in an E-Mail message, and unless you know what to look for, you would never know the difference.