By Mitchell Crawford
|
I was wondering what I might write about this month, when just before deadline, a curious e-mail arrived in my Inbox. It was a message from PayPal, which is now owned by online auction house e-Bay. PayPal is a payment system that allows you to pay just about anybody over the Internet. And, many purchases made with PayPal are guaranteed, which makes it an attractive way to pay for goods or services purchased through the Internet. The message was a confirmation for a transaction and it identified the amount, and the payee. It also provided a reference number for the transaction, a short description of what I purchased, and this message: “If you haven’t authorized this charge, click the link below to dispute the transaction and get a full refund.” The link the message referenced looked like it went to www.paypal.com, the legitimate Web address for PayPal. There were also other links in the e-mail to various departments at PayPal. I could not remember ordering anything recently with my PayPal account, so I started scrutinizing the e-mail. It turns out, the e-mail was not from PayPay. It was from someone trying to phish my PayPal account. The online encyclopedia, Wikipedia.com defines phishing this way: “In computing, phishing is a form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message.” |
How was I able to tell this was a fraudulent e-mail? It was not easy. The e-mail looked very professional. But what caught my eye was when I hovered my mouse over the link to www.paypay.com in the message. I noticed that the actual Web address to which I would be connected was not paypal.com. I then went to the PayPal Website directly, clicked on the link for security at the bottom of their Web page, and found where to forward an e-mail for PayPal to confirm or deny that the e-mail was from PayPal. I forwarded the e-mail to PayPal, and they responded within a few hours and indicated that the e-mail was not legitimate. What would have happened if I had clicked on the link in the e-mail? My guess is that it would have taken me to a Web site that looked like the legitimate PayPal site that would have asked for my PayPal account information so they could process a refund for me. Oh, and to make sure it was really me, they would also have asked for my PayPal password. And, then the Phishers would have had everything they needed to spend money from my PayPal account. So, be careful when using the Internet. Anytime you are asked to provide an account number and password, check first to see if the e-mail is legitimate. You can do this by going manually (not clicking on the hyperlink in the e-mail) to the service provider (in this case PayPal) by typing the Web address manually into your Web browser, go to their security center, and have them validate the e-mail. It is not easy, but it is necessary to protect yourself and your money. Have an idea, comment or question? You can e-mail me with your questions, comments or ideas for future columns at mlcrawford@sandimasnews.com. You can also visit the San Dimas Community News at www.sandimasnews.com where prior Personal Technology columns are posted. In addition, visit the official City of San Dimas Web site at www.cityofsandimas.com and the San Dimas Chamber of Commerce Web site at san dimaschamber.com. |