As you might imagine, we receive quite a bit of email, mostly from readers wishing to express their opinions on pressing issues of the day.
But, in the past few months, we’ve received several electronic messages from a person we’ve known for years — and also know he has been dead for almost two years.
He is not sending us opinions from beyond the grave, although he was always a fun guy and we’d love to share a laugh or two with him again.
Such messages are called “phishing,” which along with “spoofing” are the latest gimmicks used by scammers to steal your personal information, start a new credit life as you, then laugh while they enjoy the things they’ve purchased, while you get the bills and the massive headache produced by a stolen identity.
If you have a phone number and/or an email account you are vulnerable, so don’t be too smug about the fact that your ID has not yet been pilfered.
Phishing is defined as impersonating a business or person to trick the recipient of an email message into giving up sensitive personal information. Data purloined from phishing can be, and often is used to commit identity theft or to gain access to online accounts.
The emails from our dear, departed friend offers a link, and the bogus friend’s advice is for the recipient to click on the link. If you do so, there’s a better than even chance you can kiss your identity goodbye.
Spoofing is similar to phishing, using deception to trick phone and email users into providing personal and financial information. Email spoofing involves the appearance of having been sent from someone — in our case, the late friend — but in reality not the person or company named in the email header.
These scammers are good at their craft. Spoofing involves the use of a forged IP address, which even your very own computer will usually believe came from a trusted source.
We have set our spam filters to weed out this kind of junk, but when the cyber criminals are using a familiar sender name/source identification, our tiny operating-system robot probably gets confused.
All of which confirms a long-held suspicion about the Cyber Age — don’t let your computer do your thinking.
Requests from these messages seeking sensitive information most often is a phishing attempt. The scammers usually ask for credit card numbers with the expiration date and security code, Social Security numbers, bank account numbers, birth dates or passwords. Any one of these pieces of information can launch an attack on your identity, and therefore your finances.
The simple truth is that legitimate businesses — especially financial institutions — do not ask for this type of information via email. Nor do any government agencies.
Now that we’re speeding along in the holiday season, the phishers and spoofers are going pedal-to-the-metal. Here’s what the Federal Trade Commission and FBI recommend to defend against such attacks:
Do not respond to any email or phone call unless you are absolutely certain who the sender is. Never, ever click on a link provided in such an email.
When you receive such an email, open the “details” feature and see the sender’s address. It’s almost an odd address. Keep your anti-virus and anti-spyware software up to date. If in doubt, do without.
On phone calls, your caller ID may show the sender is a family member or friend, but that may not be the case.
Electronic mugging is upon us, and just about everyone is a target.