From the Kenosha News on 2-3-08

Spam and phishing e-mails look more authentic – watch out!

      Today’s spam is getting increasingly sophisticated.  I recently got an e-mail, ostensibly from Bank of America, stating, “For your security, access to Online Banking has been locked because the number of attempts to sign in exceeded the number allowed. To regain access, you must restore your account. Please click here and submin (sic) your information.”  (The words “click here” are a link to a web site.)  The standard Bank of American graphic was at the top, and it looked VERY authentic.  There are two reasons I suspected it was not legitimate, and two items I checked to confirm my suspicions.

      First, any message with an embedded link to click on to submit information is probably a scam.  If a bank were to contact you, they would expect you to go to the web address that you normally access in order to login to your account.  If I DID click the link, I would likely be taken to a very authentic-looking web page, where I would “login” to my account to try to fix it.  What would really be happening is that the web site would capture my login and password for my Bank of America account.  From there, the owners of the web site could use that information to login as me and either withdraw my money or transfer it to an account of their choosing.  If this were a credit card account, they could get my credit card info and use it to make purchases or even cash advances.  Either way, I would end up in a giant financial MESS! 

      Second, note the spelling error “submin” in their message.  This is a tip that the message is not legitimate.  (On the other hand, the absence of spelling and grammatical errors does not guarantee that a message is genuine or trustworthy.)

      To verify that the message is a scam, I do two primary tests:

  1. I look at the “full headers” of the message.  In my Yahoo mail I do this by clicking the “full headers” link at the bottom of the page.  Look at the return path.  In this case, it is NOT onlinebanking@alerts.bankofamerica.com as it claims, but rather nobody@host35.ipowerweb.com, which is not a Bank of America address.
  2. I float my mouse pointer over the link labeled “click here.”  It should point to a bankofamerica.com address, but it actually points to http://sieges-gerbet-grebot.fr/forms/update.bankofamerica.com... (something very long), which is a server in France.

Based on these tests, I concluded that this is a phishing (scam) attempt, and I deleted the message.

      One reader recently forwarded me a message he got from aweber.com concerning a work-at-home resource called GoFreelance, wondering if it were legitimate.  In this case, the e-mail passed all of the tests above, indicating that the company is real.  Still, work-at-home schemes are never the gold mines they seem.  So, I did some searching on Google and found only a few links – all negative.  While the e-mail is real, the promise of getting rich at home almost certainly isn’t.  It’s just a different kind of scam!

By Carol Sabbar from the Kenosha News on 2-3-08