Happy Mother’s Day or Spoof

We have all been warned, time and time again, to be careful of the e-mail we receive, and to not automatically assume a message is authoritative or legitimate just because it looks to be so.

I've had a number of incidents over the years where I could have easily been the victim of a phishing scam, with the latest occurring just today. How, you may ask, does this work? Well, here's how the scenario played out this time.

I woke up this morning, checked my e-mail, and found a message from PayPal informing me that I had just purchased a NEW MOTOROLA V3 PINK RAZR RAZOR QUAD-BAND CELL PHONE. Well, I thought, isn't that nice. I've apparently just paid $239.95 for a phone that I didn't order, shipping to some guy in Maine that I don't know, and I didn't even get a thank you.

Trying not to panic, I closely studied the e-mail, and, unfortunately, it looked legitimate. The subject line seemed reasonable, the from address appeared to be paypal.com, and the message content all looked real!

Knowing that I didn't buy the phone, and seeing the name and address for a person in Maine, I suspected the message was a fake. Without clicking them, I started to investigate the links embedded in the message itself. The first link, an e-mail address, was legitimate, so I continued down the page until I reached the Dispute Transaction link. After a quick study of this link, it became apparent that I was being scammed. Instead of containing a PayPal address, as it should have, the link contained the address for a totally unrelated site (in Eastern Europe). Had I clicked through, I would have been taken to a page that would have asked for my login credentials, under the guise of reporting an unauthorized transaction on my account, and voila, the bad guy has my login ID and password and can now proceed to strip my account of all its worth. I'm sure I wouldn't have received a thank you for that either.

So what's the lesson here? If you receive a message from one of your financial institutions, don't assume the message is real. In fact, assume that it isn't and then work backwards to prove that it is. Never click the links in a suspicious message until you are certain of its legitimacy (clicking links can confirm to the sender that your e-mail address is legitimate, and will all but guarantee more SPAM) and, more importantly, don't key in your login credentials or other personal information if you have any doubts that a site is legitimate.

Oh yes – how does Mother's day factor into all of this? The irony here is that my wife has been at me to get her a new cell phone for a while now. The phone she's been wanting isn't just any ol' phone, it just so happens to be this exact same phone that was described in the SPAM message. When she saw the e-mail she thought she finally got through to me — imagine the look on her face when I told her, "Sorry dear, it's just a spoof."