Web Savvy Marketers

E-mail safety tips – avoid phishing scams

If you’re like me you’ve done business with at least one of these companies:

TiVo, Walgreens, US Bank, Disney, JPMorgan Chase, Capital One, Citi, Home Shopping Network, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, or The College Board.

These are just some of the companies whose email lists were exposed earlier this week, when Epsilon, the world’s largest email marketing firm was hacked.  Fortunately, the security breach was limited to email addresses and names, and not more sensitive information, like credit card numbers, or social security numbers.  But the breach warrants a reminder to be diligent in processing your email.

Imagine I’m a bad guy…

I’ve hacked into Epsilon and have obtained hundreds of thousands of email addresses for, let’s say, Capitol One customers.  Now I just build a website page that looks like a Capitol One website page, create an email that looks like it originates from Capitol One, send it to the thousands of Capitol One clients and wait for innocent victims to log into my website with their Capitol Once username and password.  Now I have all I need to log into the victim’s real account and steal their sensitive information, their reputation and their money.

It’s called Phishing.  The practice where bad guys send emails claiming to be a a reputable company to unknowing customers in order to lure them into providing sensitive information.

We’ve all received phishing messages. They’re mixed in with the hundreds of emails many of us process daily. Processing email takes time and it’s a job that we may rush through, but it’s critical that we think before responding to email and be absolutely certain that the sender of the email is legitimate.

As you process your email, remember…

  1. Never click through to a website that claims it needs you to verify your password.
  2. Be suspicious of any email requesting your password or sensitive information. Reputable companies will not randomly email you asking for sensitive information.
  3. If you receive an email from a company and you’re not sure if it’s legitimate, do not follow the link in the website, instead go directly to the website you know to be real or call the company to inquire about the request.

More about Phishing at and about email safety in general at WiredSafety.org.

 

 

Manage your domain name and beware of domain renewal scams

You own your domain name and it’s an important part of branding your business.  Some businesses are even named after their domain name–think Google, Yahoo, and yes, even cgwebhelp.  So it’s important that you have control of your domain.  You should know where it’s registered, when it will be due for renewal and how the process of renewal works.  And you should watch out for domain transfer scams.  Here’s a couple of scams that I  see regularly.

Domain Registry of America

This company may be a legitimate domain registry service, but their methods for obtaining customers is so unethical, I certainly wouldn’t want to do business with them.  Their technique for obtaining new customers?  They send an invoice.  Well it’s not really an invoice–it’s a solicitation to transfer the domain.  If you look very closely at the fine print, you will read that by sending payment you are authorizing them to transfer your domain to their registry service.  So the unsuspecting person sends them the $35 (which is likely more than their current registry charges to renew a domain) and unwittingly starts the process of transferring the domain.

Chinese Domains

This one arrives by email and suggests that your trademark is about to be infringed upon unless you swiftly purchase your domain with the .cn extension, as in yourdomain.cn.  This might be of benefit if you have a market in China or you anticipate developing a market in China, but most of the folks I’ve known who have received this solicitation have no intention of marketing to China.  For more information on this scam see http://professionalwebservices.blogspot.com/2007/10/chinese-domain-name-scams-from-china.html.

Know Where Your Domain is Registered

If your domain is important to your branding, and it most likely is, you should always know the following:

  1. Where is it located?  GoDaddy, Register, Network Solutions, Enom, OpenSRS, or one of the many other registry services available.
  2. Know how to access the information  and keep it updated with current contact information.
  3. Know when it is due to expire and the process for payment.  If it’s set for auto- renewal, make sure you keep a current credit card and contact information on file with the registry service.  If they can’t  charge your card because it’s expired, and the e-mail address on file is outdated, you’ll likely lose the domain name.

7 Rules to help you avoid Phishing, Spoofing and Other Online Scams

Rule #1: Never respond to an e-mail request asking for your username and password.

Reputable companies never request usernames and passwords by email. The example email shown below uses a common phishing tactic–they are posing as a company or system you are familiar with in order to lure you into providing information…DO NOT BITE!  See Rules 2  for additional guidelines to determine that this email is phony.

Example: The Webmail Scam

From: email [mailto:access@cyberservices.com]
Sent: Monday, March 29, 2010 10:45 AM
To: undisclosed recipients:

Subject: A© Copyright 1986-2010 Webmail Maintenance Team

This message is sent automatically by our webmail program which periodically checks the size of inbox and also control anonymous registration of webmail accounts so we are shutting down some webmail accounts and your account was among those to be deleted. To help us re-set your SPACE on our database prior to maintaining your INBOX, you must reply to this e-mail and enter your:
Current User name:{ }
and Password: { },

Webmail Help Desk.

A© Copyright 1986-2010 Webmail Maintenance Team

Rule #2:  Positively identify the sender

Be suspicious of any email address from  unknown sources and never respond to them with information.   In this email they used the official sounding “access@cyberservices.com”  but it’s possible for email scammers to use a known address in the from field.  So even if you’re one of my customers and you get an email from my known email address asking for username or passwords out of the blue, be suspicious.  When in doubt, revert to Rule #1.

Rule #3: Beware of Email links to phony websites

Email marketing is huge and if you’re like me you get many offers in your inbox every day.  And if you’re like me you spend more money online than at the local malls (but that’s another story). There’s nothing wrong with shopping online as long as you ensure your clickthroughs land you at the real website.  Positively identify that you’re at a legitimate website by checking the address field in your browser.  It’s pretty easy for a scammer to create a look-alike website.   For example if one clicks through a link on my e-newsletter to my website, the domain name in the address field will begin with http://cgwebhelp.com.   There might be something after my domain like http://cgwebhelp.com/ blog/?cat=7 but the primary domain name will be cgwebhelp.com.  If someone were trying to spoof me,   you might see something like http://cgwebhelp.someotherdomain.com or possibly http://someotherdomain.com/cgwebhelp.

Rule #4: When in doubt look for a phone number

If you have doubts about doing business with a website, look for a phone number and address.  Call it and see if you get a real person.

Rule #5: Google them

The internet is a great place to purchase hard to find items.  My husband has kept our refrigerator alive much longer than I could have with the help of an obscure online parts store.  But if you’re doing business with an unknown source, it doesn’t hurt to Google the business name and their web address to see if  they’ve scammed anyone else.

Rule #6:   SSL Certificates — heed the warnings

Chances are, if your computer is kept current with internet protection and anti-virus software, your browser will pop up a warning window if a site has an unauthorized  secure certificate.  If you get a warning window, you probably don’t want to enter secure information like a credit card account.  It’s also a good practice to ensure before you enter  sensitive information that the address field starts with a https:// instead of http://.   Just remember “https” for security.

Rule #7:  If it seems to good to be true…it probably is

You’ve all seen the emails from foreign dignitaries kindly requesting your bank account so they can deposit millions into your account.  Or the email saying you’ve won some foreign lottery.   I know you won’t fall for these  tactics …will you?

Our Location

222 Pitkin Street, Suite 125
East Hartford, CT 06108
Phone: 860-432-8756

Talk to Us

Follow us, subscribe to us, email us, or call us at 860-432-8756. We’ll use our Super Savvy Tool Belt to stay in touch however you prefer.

Sign Up for Email Updates