I wanted to write this post from a personal standpoint on the awareness of phishing and fraudulent emails. I was absolutely shocked at how legitimate the email and website looked! Fortunately, I am aware of what is expected, and what are red flags, thanks to my researching for up to date newsletters and blog posts. However, had I not known about the red flags, I would have submitted all my information. This could happen to anyone, and that is why I want to share with you the example that just happened to me. At the end of the article I will provide you with information on reporting phishing emails, fraudulent activity, and/or what to do if you think you have been a victim of identity fraud.
This email looks very similar to an actual email I received from American Express prior (which I will attach the header and footer later). Here is a screenshot of the email that I received:
The 7 red flags that I want to point out in this email are:
1. The greeting is vague. Instead of using my name, it is generalized with "Card member".
2. The account ending in 0001. Typically I do not know the last 4 of my card number, and normally do not have it on me to double check. Also, I like the padlock there to make it look like it is secure.
3. Although the toolbar looks very much legit, it is different. I'll show you what it looks like later.
4. I didn't even recognize this until I was marking the examples for illustration, but the side bar margin is off. This is where they photoshopped the letter with links to the fraudulent website. When it was photoshopped and added to the email, it wasn't aligned correctly.
5. The different fonts and the empty bullet points.
6. Add us to your address book... this really is suppose to say, update your email.
7. The last red flag on the email is "customer service" link. American Express refers to it as "Customer Care".
A few other red flags to keep in mind:
1. This email was sent to an email that was not even registered to my account.
2. I have never had a financial company email me to confirm a bank account by clicking on a link.
3. Believe it or not, I really did click on the link which took me to an American Express website (not the real one, of course). When I got to the website, it wanted me to fill out my personal information (name, address, phone number). I normally would just log in with my ID and password. As I skimmed the page, I saw they were requesting my DOB, Amex credit card number, social security number, and my banking information...to verify my payment account. I immediately closed the page, and clicked on the link again to see the web address. Well, this time it came up as (http://karazatina2354.com/amxxx/Validation/ )
4. Last, I clicked on the receiver to view the email address. It said American Express, but when you open the contact, the email was not even related to any financial institute.
Below are examples of an actual email I did receive from American Express previously.
1. In the Header, you will notice they use the card members full name. It is not generalized.
2. Refer to #3 above. I would not have known this if I didn't have something to refer to, but it illustrates how real it looks.
3. It has the same account ending, they do put the last 4 of your card number here (I deleted mine for obvious reasons). However, they don't have the padlock here.
The Footer is even more difficult to spot if you do not have anything to compare to.
1. American Express wants you to update your email, not add them to your address book.
2. As mentioned above, American Express has "Customer Care" instead of "Customer Service"
Once again, I have received some phishing emails in the past, but this one really surprised me, and I wanted to share this example.
PLEASE BE CAREFUL when responding to phone calls, emails, websites that contain personal information.
Here are some things to keep in mind:
1. If you are unsure if an email is legitimate, go directly to the website and log in, or Call the company direct.
2. When you have an account and login ID/password with a company, you will not surpass signing in to your account and fill in your personal information to update your information.
3. Open up the sender's contact to make sure it is tied to the company (ie. AmericanExpress@welcome.aexp.com)
What do you do when you received a phishing email or submitted your personal information?
You will want to report it immediately to The Federal Trade Commision at https://www.ftc.gov/
You can report Phishing Scams here: https://www.consumer.ftc.gov/articles/0003-phishing Your financial company, American Express in this case, will typically have a way to contact them regarding phishing emails or fraudulent activity.
If you feel like your identity is being compromised, this link will help you get started: https://www.consumer.ftc.gov/topics/identity-theft
No comments:
Post a Comment