Go phish: PayPal, others, teach customers which emails to keep and which to throw back
Chances are if you have email, you've received a note purporting to be from PayPal or perhaps Wells Fargo Bank or even the IRS. Not all the emails are as obviously fake as others. Some scammers have great skills when it comes to duplicating the look of official emails.
Phishing traditionally ranks among the top 10 Internet frauds. It has low overhead and high return from the criminal side. It is essentially a mass email, which pays off when even a handful of the millions who might receive it fall for it.
The crooks behind phishing emails are trying to get you to provide them with personal information that they could later use to steal your money or open lines of credit in your name. The phone emails usually contain links intended to draw you to a look-alike site. The better the illusion, the more likely the victim is to give up what he or she shouldn't.PayPal is in the midst of an education campaign to try to get its vast network of users (you've got to use PayPal if you want to use Ebay) to recognize when they are being conned. The company has set up some tools to help users filter the real from the fake, such as the email address firstname.lastname@example.org. Users can forward suspicious emails there for an answer as to whether they are real or fake. The company also has a nicely prepared guide to help customers avoid becoming victims.
PayPal may be a high profile target, but it is hardly alone. The IRS is often used in these rouses. The computer security company, McAfee reports that the majority of phishing scams it has being seeing claim to be coming from Wells Fargo Bank. Wells Fargo is none too amused and has, like many financial institutions, set up an anti-fraud site intended to educate its customers into not becoming victims.
Trouble is, some of these phishers are good at web design. Some of these emails look very much like ones coming from your bank or other financial institution, and it takes a good eye for detail, as well as a healthy dose of suspicion, to avoid falling prey. For legitimate companies, however, the concern is that the more of these things circulate, the harder it becomes for a customer to take a legitimate email seriously.
Neither legitimate operations nor the government write mass emails seeking personal and financial information. The simplest rule is don't click the links and don't send personal information. And, don't use the phone numbers that might be provided in the emails, since they, too, could be part of the scam. The best solution if you're on the fence about the legitimacy of an email is to contact the company or agency directly through its own customer service or anti-fraud channels.
Also, remember that if you're a customer they should be addressing you by name and allow you to manually enter their site by typing in the known URL. A hint: You can tell if a link is phony by dragging your mouse over the link to see where it really directs you -- quite often not the same as the typed URL in the email.
Scammers will keep phishing as long as people keep taking the bait. Avoid the temptation, you can only lose.
If you've already become a victim, file a complaint with the Internet Crime Complaint Center.