Recently, I received an email from my niece that indicated she had been in “London, England” on the weekend, where she was mugged and lost her cell phone, credit cards and passport. The email asked me to send her money and to contact her by email or at a phone number. The email had her name at the end and was from her email account.
Although she has been known to travel to Europe, she had not traveled and she did not send the email. How did the email come from her account, you might ask? I am guessing that she responded to a “phishing” email that purportedly came from her email provider or Facebook requesting her password due to some sort of problem with her account. It probably directed her to a link on a website where she filled out a form. Once she provided the information, the scammer changed her email account password and sent the scam email to her entire contact list. Gmail suspended the account and she lost her entire contact list as a result. She is now in the process of reconstructing her contact list.
Even more insidious are emails purportedly from Facebook that contain a link to view a page. When you follow the link and log in, the scammers capture your user name and password, but you never actually logged in to Facebook.
I heard the same story three days earlier from someone else whose friend had done the same thing, and I have received several similar phishing emails.
So how can you avoid a disaster like this?
First, don’t provide anyone else with your password. No email provider, no social networking site, no bank or other company will ask you for your password in an email to you.
Second, don’t click links in an email unless you are absolutely certain that it was sent to you by the person or company whose name is on it.
Some good tips on how to determine if an email is fake are available online.
Microsoft Safety and Security Center: http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx This article is good because it gives you some tips on how to see if a link is legitimate or not and how to identify phishing emails.
Facebook has a description of exactly the scam (the London Scam) that was used on my niece: http://www.facebook.com/group.php?gid=9874388706
Another article about Facebook Scams at a site for Facebook users (not from Facebook): http://www.allfacebook.com/facebook-scams-2010-01
PC World: http://www.pcworld.com/article/230755/spot_and_avoid_facebook_scams.html
Always check before you click on a link. If you hover your cursor over a link, you can see the address. The same is true of email addresses. Make sure it is going where you think it is!