What is it about getting an email message from a presumably trusted source that suddenly tosses all suspicion to the wind and makes many people inherently likely to take action without a second thought? In my mind this takes on two forms: one harmless and annoying, the other potentially causing personal financial damage. In both forms, the originator of the scam wants to do one thing: get the email recipient to take the requested action, whatever that action may be.
The first and longest-running form of email scam consists of those annoying messages telling you someone will give you something for nothing. The most popular form, and the one I received from someone most recently, is the one saying Bill Gates will fork over $1000 of his personal fortune when the message reaches 1000 people. Another variation suggests a pyramid scheme where you get varying degrees more money depending on how many people forward the message after you forward it to them. While Mr. Gates could probably give every living person on the planet a five dollar bill and still have some change left over, the money he gives away goes to charities that need it, not people continuing to perpetuate this myth. I've never figured out why people are so desperate to believe they can get something for nothing (which is essentially what this ruse constitutes). For the record, Bill Gates stated at the beginning of his WinHEC keynote this year that he never sent the email that started this myth. If it sounds too good to be true, assume it is and delete the email. Granted, this is fairly harmless and only really annoying to the recipient, although I'm sure there's someone plotting revenge somewhere in the world because they've never received their check.
The more cunning and potentially disastrous email scam is the one where someone sends a message purporting to be your bank, PayPal or eBay and requesting you verify your personal information on a form. These scams typically want you to provide personally identifying information, including account numbers, passwords and identification data like social security numbers. I get dozens of these messages every week and occasionally puzzle over the ones saying they are from PayPal and eBay, because they do look real. So far, the "banks" I get email from are not places I've ever deposited any funds, which makes it easy to know they are fake. If you get a message from a bank asking to update your information, delete it. No bank will ever ask you by email for personal information. If you can't bring yourself to delete the message, call your bank or print it off and take it into a local branch. What confuses me in this case is the blind trust in assuming that because an email says it came from your bank it did come from your bank. The first thing that comes to mind when I see these messages is: if they need my other information, how did they magically retain my email address and no other personal data?
Admittedly, the email messages do look very official and are very confusing at first glance. As I said, PayPal and eBay messages, in particular, have confused me a time or two. I know the messages are fakes, but they seem quite real. Proceed with caution no matter who sends an email message asking for your information. Type the URL of your bank or service provider into the browser window and bypass the email message to log in and check for information about the so-called account update. Look for the secure site padlock in the lower corner of the browser window. Use tools like FraudEliminator to verify the site you are visiting. Most of all, review any request for your personal information with a skeptic's eye.
While these risks certainly make it necessary to rethink how we interact with personal information online, it hasn't stopped me from making online my preferred method of commerce. I certainly trust the idea of giving my credit card number to an encrypted form more than I trust the idea of handing the physical card to someone who may be removing it from my presence during an in-person purchase at a restaurant or store. The legitimate compromises to data that happen are generally attributed to social engineering or disgruntled employees, not true hacking attempts, which means the likelihood for someone to get tricked into revealing data or maliciously giving away information isn't something easily secured against. One of the best ways to protect your personal data in online transactions is to not store the credit card for later use. Places like Amazon offer this for convenience, but it's much harder for someone to steal your credit card info from them if they aren't storing it. Sure, this means you type it in each time you purchase, but there's less risk of someone else discovering your card number as a result.
I bring all this up in light of a recent study suggesting people are fearful of making online transactions. In general, I feel much safer buying online from trusted sources than I do buying offline because I have greater control over the entering of personal information. After joining a company's discount program at the local retail location, I got the welcome packet with my name misspelled, which could have easily been avoided if I signed up online and typed the information in myself. I'm frequently leery of seeing cashiers swipe my credit card several times because their machine isn't functioning properly, which has more than once resulted in a double charge. Instead of living in fear of being fooled by online con artists, due diligence is the key to getting a good experience in any financial transaction and erring on the side of caution never hurts.