Rule #1: Never respond to an e-mail request asking for your username and password.

Reputable companies never request usernames and passwords by email. The example email shown below uses a common phishing tactic–they are posing as a company or system you are familiar with in order to lure you into providing information…DO NOT BITE! See Rules 2 for additional guidelines to determine that this email is phony.

Example: The Webmail Scam

From: email [mailto:access@cyberservices.com]
Sent: Monday, March 29, 2010 10:45 AM
To: undisclosed recipients:

This message is sent automatically by our webmail program which periodically checks the size of inbox and also control anonymous registration of webmail accounts so we are shutting down some webmail accounts and your account was among those to be deleted. To help us re-set your SPACE on our database prior to maintaining your INBOX, you must reply to this e-mail and enter your:
Current User name:{ }
and Password: { },

Webmail Help Desk.

Rule #2: Positively identify the sender

Be suspicious of any email address from unknown sources and never respond to them with information. In this email they used the official sounding “access@cyberservices.com” but it’s possible for email scammers to use a known address in the from field. So even if you’re one of my customers and you get an email from my known email address asking for username or passwords out of the blue, be suspicious. When in doubt, revert to Rule #1.

Rule #3: Beware of Email links to phony websites

Email marketing is huge and if you’re like me you get many offers in your inbox every day. And if you’re like me you spend more money online than at the local malls (but that’s another story). There’s nothing wrong with shopping online as long as you ensure your clickthroughs land you at the real website. Positively identify that you’re at a legitimate website by checking the address field in your browser. It’s pretty easy for a scammer to create a look-alike website. For example if one clicks through a link on my e-newsletter to my website, the domain name in the address field will begin with http://cgwebhelp.com. There might be something after my domain like http://cgwebhelp.com/ blog/?cat=7 but the primary domain name will be cgwebhelp.com. If someone were trying to spoof me, you might see something like http://cgwebhelp.someotherdomain.com or possibly http://someotherdomain.com/cgwebhelp.

Rule #4: When in doubt look for a phone number

If you have doubts about doing business with a website, look for a phone number and address. Call it and see if you get a real person.

Rule #5: Google them

The internet is a great place to purchase hard to find items. My husband has kept our refrigerator alive much longer than I could have with the help of an obscure online parts store. But if you’re doing business with an unknown source, it doesn’t hurt to Google the business name and their web address to see if they’ve scammed anyone else.

Rule #6: SSL Certificates — heed the warnings

Chances are, if your computer is kept current with internet protection and anti-virus software, your browser will pop up a warning window if a site has an unauthorized secure certificate. If you get a warning window, you probably don’t want to enter secure information like a credit card account. It’s also a good practice to ensure before you enter sensitive information that the address field starts with a https:// instead of http://. Just remember “https” for security.

Rule #7: If it seems to good to be true…it probably is

You’ve all seen the emails from foreign dignitaries kindly requesting your bank account so they can deposit millions into your account. Or the email saying you’ve won some foreign lottery. I know you won’t fall for these tactics …will you?

7 Rules to help you avoid Phishing, Spoofing and Other Online Scams