From the Kenosha News on 12-12-04

Don't get caught by those e-mail 'phishers'

      E-mail scams are definitely not a festive topic for this holiday system, but they are so prevalent and so dangerous that I want to discuss this topic before it ruins your holiday!  In the past week alone, I have received two such e-mails, "phishing" for private information like credit card numbers. 

      Below is a summary of my experience and some tips to avoid these scams. For an in-depth explanation of the topic of e-mail scams and phishing a form of identity theft via e-mail the December Reader's Digest article "Don't Take the Bait" by Jamie Malanowski is very informative. 

      One message I received claimed to be about my CitiCard account.  Since I don't have a CitiCard, I knew this was a scam.  The second message was supposedly from support@paypal.com (aka "the PayPal team") and had a subject of "PayPal Account Review Department."  I do have a PayPal account, so this was more plausible.  It began with the official PayPal logo and continued to explain how committed they are to maintaining a safe environment.  They stated that they had noticed some unusual activity in my account and had therefore "limited" my account.  They requested that I click on the link in the message and "restore my records" by a specific date or my account would be suspended.  They even included a link to the PayPal privacy policy at the end.

      Now, because I have some experience with fraudulent e-mail, and I'm generally skeptical, I know that this is a scam.  I check my PayPal account pretty regularly, so I know that there has been no "unusual activity," nor is my account "limited."  Here are other ways to recognize a scam:

    1. Virtually no reputable company sends requests for account updates in an e-mail with a link included in the message.  Always be skeptical of such messages, including ones from software companies telling you that you need a patch or from a health care agency requesting you update otherwise private information.
    2. Check the "headers" of the message.  Most e-mail programs have a button or option to display full headers.  While it looks very technical at first glance, it tells me that my message is really from DOTMYMGHOALLER@mc12-f24.hotmail.com, not paypal.com.
    3. Check the link in the message.  Don't click on it, but just float your mouse over it and look at the bottom left of your browser window.  In my message, the link doesn't really point to paypal.com, but rather to an IP number 222.235.68.33 which is not paypal.com.

      If you have any concern about an account being referenced in the e-mail the you receive, launch a new browser window and go to the address at which you usually access your account, e.g. www.paypal.com.  Check if your information is correct and then disregard the message!

      If you have clicked on links in such messages and filled in credit card information, contact your credit card company immediately.  Check for fraudulent charges and request a new card with a new number.  Better safe than sorry.

By Carol Sabbar from the Kenosha News on 12-12-04