Community Alerts
LOOK-ALIKE SPAM MAIL KEEP SURFACING; DON'T FALL VICTIM TO IDENTITY THIEVES
By California Office of the Attorney General
Jun 8, 2005, 07:03

Consumers should be on the alert for official-looking e-mails that are actually spam mail sent by sophisticated identify thieves trying to trick you out of personal information that can be used to drain your bank account, fraudulently get credit cards and commit other crimes.

Small and large companies have been spoofed, such as PayPal, Bank of America, Best Buy and First Union Bank. The e-mail received look like they may be coming from the company with whom you do business and even use a URL that looks like the real thing but it's not.

Don't be fooled! The scam is commonly called "brand spoofing" or "phishing" because the spam mail sent uses familiar or legitimate-sounding names of companies to trick consumers into disclosing confidential personal information. The e-mail may use all or part of a legitimate company's name, and the hyperlink may closely resemble its web site, complete with company logo and color schemes that make it look like close to the real thing. For instance, the Earthlink.net spoof used a URL like www.earthlinkservice.com.

According to security experts, these types of computer attacks are on the rise because scammers are taking up the tactics, tools and techniques of virus writers and spammers. These scams often are difficult to detect because they can come from anywhere in the world and shut down quickly. Report suspected cases at www.ifccfbi.gov, the federal Internet Fraud Complaint Center.

Be wary if you receive e-mails that contain:

• Generic greetings. Many spoof e-mails begin with a general greeting, such as: "Dear PayPal member" or "Dear AT&T Member".
  
  
• A false sense of urgency. Many spoof e-mails try to trick you into acting quickly by warning that failure to comply will result in your account being terminated, suspended or charged a penalty. For example, AT&T customers were spammed with the following fake notice soliciting credit card account information: "We recently attempted to charge you for your cycle use plan and your credit card issuer denied payment to our billing systems. This usually occurs when billing information is out of date or billing address is false. If your account information is not updated within next 48 hours, we will be forced to terminate your account. Thank you for cooperation towards this urgent matter."
  
  
• Fake web links. Don't click on the link contained in the suspicious e-mail. By clicking on the link, you could be opening your computer to viruses or hidden installation of "key logging" devices that can record everything you type, including user passwords and account information, and have the data sent automatically to the identity thief or be harvested later.

• When in doubt, throw the e-mail out.
  
  
• Never give out personal information by e-mail.
  
  
• Don't trust e-mail headers. They can be faked.
  
  
• Never fill out a form in an e-mail message. You never know who will get it.
  
  
• Never trust the link in an e-mail message. Scam artists are getting sophisticated and are able to have their web site mirror a legitimate business web site.
  
  
• Don't trust e-mail messages on the status of your account. Always go directly to a company's web site to access your account information.
  
  
• Don't respond to messages that come with an embedded link and a sense of urgency about your account being closed, temporarily suspended or fee being charged if you don't respond.