- Avoiding Phishing Scams and Spoofed Sites
Other articles to try:
Avoiding Phishing Scams and Spoofed Sites
Updated: 5/12/2008
Article ID: 6113
Important: Some customers have received an e-mail from "Turbotax.com" or "turbotax.us" about updating their software through a link in the message. The e-mail looks legitimate but it is not. TurboTax emails always come from intuit.com, unsolicited emails never request personal info, and updates should either be done in the product or from the TurboTax Support Site.On the Internet, "phishing" refers to criminal activity that attempts to fraudulently obtain sensitive information, according to Wikipedia.org. There are several ways a scam artist will try to obtain your social security number, driver's license, credit card or bank account number. Here's how to avoid getting caught in the Net.
- Spoofed email address. It's easy to fake a From or ReplyTo address, either manually or with spam software, so never assume an email is real by looking at its header. You might be able to spot fake addresses by checking for domain name misspellings, but this isn't foolproof. Best bet? Don't reply to unsolicited email and don't open email attachments. By the way, some email service providers combat the problem of spoofed addresses by using authentication techniques to verify a sender's integrity.
- Fake link. Scam emails can contain a hidden link to a site that asks you to enter your log on and account information. A clue: if the email threatens you with account closure if you don't log on soon, you could be the target of phishing. You may be able to tell if a link is real by moving your mouse over and looking at the bottom of your browser to see the hidden Web address -- it will look different than the one you see on the surface. When in doubt, never click on a link in an unsolicited or suspicious email.
- Forged Website. Phoney Web sites mimic real sites by copying company logos, images and site designs. Malicious Webmasters can also use HTML, flash or Java Script to mask or change a browser address. If you must visit a financial site, like your bank or credit card company, enter its known address into the browser location field manually. Use a browser with an anti-phishing plug-in or extension, like FireFox or Internet Explorer 7 to warn you about forged, high-risk sites.
Tip: If you receive a questionable email that looks like it's from the IRS, don't reply and don't click on any links. Forward the email to the IRS Phishing Mailbox at phishing@irs.gov.
Important: Avoid entering portions of your social security number into forms, unless you are absolutely certain that you are on an IRS Web site, as this can be used to guess the remainder of your Social Security Number. Phishers can automate the process of submitting multiple requests and eventually gather enough data to uncover your entire SSN.
Additional Reading
- Yahoo! - tips to help you avoid phishing
- Microsoft - Recognizing Phishing Scams and Fraudulent / Hoax Emails
- Internet Identity - Anti-Phishing Tips for Consumers
- Media Alert - Iconix Offers 10 Tips to Avoid Phishing Attacks
