It does not happen very often, but every once in a while I find myself doing a double take at that strange email looming in my email Inbox.  Did I recently ship something from UPS with an incorrect address?  Why has the bank lost my account information?  Do I even have a Discover card?

As my brain scans through the cobweb-covered files of my antiquated memory, I assess the authenticity of the email on my computer screen.  It appears to be a legitimate request from the Commonwealth Credit Union Online Department.  They have disabled my account because of three unsuccessful login attempts.  It figures, I can never remember all of the passwords anymore.I just need to click here to start the update process&Wait!  My brain has just sent a rapid fire message from the back corner of my brain to my right index finger, which is poised ready for action on the mouse.

"Attention Moron: You don't have an account with anyone called Commonwealth Credit Union!!"

Shoot.I used to be much better at recognizing these scams, but they keep getting more clever and official looking.

This is a real example of SPAM, or unsolicited email, disguised to defraud victims into revealing sensitive personal information.  This particular message is part of a "phishing" scam.  Phishing emails are designed to appear as if they are being sent from a reputable source.  They attempt to direct you to a bogus (but real looking) website to enter valuable personal information.  Often times, the bogus website appears just like the official company website, complete with appropriate logos and address information.  However, the fake website sends your personal information to attackers for the purpose of bank account access and/or identity theft.

Attackers often send spam emails to thousands of recipients.  While many of the recipients may not bank with the falsely represented financial institution, a small percentage of recipients may actually bank with that company.  A portion of that group may be swindled into providing sensitive information.  Unfortunately, it only takes a few duped victims to make this a lucrative scam.

Do not be fooled by unsolicited emails that request personal information.  Most banks and other financial institutions have implemented policies against asking customers for personal or account information by email.  Treat all unsolicited email with suspicion, especially if you do not know the individual or company.  If you suspect that the request might be valid, contact your representative (not the number provide in the email) by phone or in person to inquire about the validity of the request.

If you are unsure whether to delete the email or investigate further, a great place to start is the internet.  A quick Internet search of the subject text will often return numerous postings about email fraud or hoaxes.  If there is any doubt, never click on the links in the email and NEVER open an attached file.

Finally, make sure that your email application includes spam-filtering features.  You may not be able to eliminate every occurrence of spam, but a filter will greatly reduce most of the spam before it gets to your Inbox.

An excellent source of information about cyber security tips and awareness is the United States Computer Emergency Readiness Team (US-CERT), a the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS).

by Brad Keller
American Crime Prevention Institute