Protecting Yourself From Fraudulent E-Mails

In 2004, IDC estimated that each day there are more than 30 billion E-Mail messages crossing the Internet. The Radicati Group estimated that in 2004 there were nearly 900 million active mailboxes on the Internet with approximately half of these being used for business purposes.

Bearing in mind that these statistics were taken two years ago, it is certain that the numbers are much higher today. Clearly, E-Mail communication has become extremely pervasive in Internet business environments because information can be delivered quickly and easily to one or many people anywhere in the world. 74 percent of business people surveyed recently believed that losing E-Mail service presents more of a hardship than losing telephone service.

Unfortunately, the standard method of E-Mail communication over the Internet uses the Simple Mail Transfer Protocol (SMTP). This protocol was designed to transmit 7-bit ASCII character data between two IP hosts using the simplest and most efficient method possible. Security was an afterthought, and security systems are almost never implemented by default in an SMTP-based mail system. Threats against E-Mail systems and their users have grown just as quickly as the number of mailboxes. That brings us to a well-known E-Mail topic called “Phishing”.

Phishing schemes have emerged as one of the biggest threats to users personally. Phishing comes from the idea that you toss out a line and see who will grab it. The messages usually look reasonably legitimate and may actually appear to come from an organization with which you do business.

Often, phishing schemes can be exposed because you receive a message from a bank or organization with which you do not do business, or because there are typographical errors in the message. Depending on circumstances, one could still believe that such a message is legitimate. However, since we know that no bank or payment processor will ask you for personal account data via an E-Mail, a request for such data is the final clue that the message is a fraud.

One good way to check a link is to view the HTML code of the E-Mail, which several good E-Mail programs allow you to do. If the link does not point to the intended URL, simply don’t use it. Another way is to place your mouse cursor over the link, since some E-Mail programs reveal the URL when you do so. When you do this in Outlook, the true link will appear in a yellow balloon. One look at the URL will tell you if it is legitimate.

In any event, the general rule of thumb is this: if you receive an E-Mail from ANY bank or payment processor asking you to log in and validate your account information, you must assume it is a fraud…period! If your situation leads you to believe that there may be some legitimacy to the message, do not log in using the URL provided in the E-Mail. Go directly to the bank or payment processor's website using your bookmark or their known URL. Practicing this rule may save you from falling victim to a phishing scheme.