How to Handle Spoof E-mails

You may have heard of the terms "phishing" or "spoof" e-mails. You also may be wondering what exactly these terms mean. A "spoof" e-mail is a fraudulent e-mail from someone who is pretending to be a company, such as PayPal, eBay or a bank with which you do business. For this article, I am going to use PayPal as the example, since PayPal is a common company used for spoof e-mails. The scam artists will recreate the company's logo and website, to look just the real thing. It's very deceiving, and that's the whole point. This e-mail is sent to you, in attempt that you will click on the link in the e-mail and enter your personal information. These scam artists are hoping that you are a member of PayPal (or other company), and that you will think that this e-mail is from PayPal asking for your info. Once you have fallen for their scam, your personal information is now in the hands of identity thieves. Sound scary? Do you know what to do if you receive one of these "spoof" e-mails?

Identify the Spoof

You may come across an e-mail in your inbox from "service@paypal.com" which sounds completely legitimate until you open the e-mail. The spoof e-mail will not address you as Mr. Smith or Mrs. Jones, it will instead say "Dear Valued Member" or a similar greeting. Keep in mind that all of the companies you belong to, including PayPal, will ALWAYS address you with your name, and they will never send you an e-mail greeting you as "Valued Member". Next, read through the e-mail and see what it has to say. Most spoof e-mails you scare you into thinking your account is in jeopardy of being closed if you don't update information immediately. A lot of people fall for this, and that's why thieves use this method. For example, an e-mail might state "To prevent account suspension, please update your information immediately." According to PayPal, they will never ask you for the following in an e-mail: credit/debit card numbers, bank account numbers, driver's license number or passwords. The spoof e-mail will provide a link to the website where you are supposed to enter your personal information. STOP HERE! If you click on a link and see that the URL is something other than www.paypal.com, DO NOT enter your information. Even if it includes PayPal in the address, it could be fake.

Report the Fraudulent E-mail

After you have received one of these spoof e-mails, contact the company and tell them about it. For example, with PayPal, you are able to forward the spoof to PayPal for investigation (spoof@paypal.com). Most companies will want to see the actually e-mail, so that they can check into the links and have them removed.

What Happens if I'm a Victim of a Spoof E-mail?

If you clicked on the link in a spoof e-mail, entered your personal information, and didn't realize that it was fake, until maybe it was too late, you have fallen victim of the spoof. However, don't panic! There are ways to prevent identity thieves from using your information. First, change the password on the website immediately, since this is the first way that thieves will try to access your online information. You may want to change your e-mail address as well. Next, contact the company and explain that your private info has been compromised. Do everything they tell you to do. Most likely, you are not the only person who has been in this situation.

For PayPal, you will want to call any bank or credit card company that you have registered with your account. Call your bank and cancel your debit card, and that way if a thief tries to use your numbers, it won't work. The bank will have a new card, with a new number, sent to you. Next, contact the credit bureaus and place a "fraud alert" on your credit report. Once you do this with one bureau, they are required to inform the other 2 bureaus of your alert. With a fraud alert, this makes it a lot harder for ID thieves to open new accounts under your name and social security number. If your report has a fraud alert on it, all creditors are required to contact you first and confirm who you are. The fraud alert is only good for 90 days, therefore you may want to renew the alert after the 90 days expires.

Now all you can do is monitor your accounts and credit reports. If anything unusual or unfamiliar comes up, report it immediately. I suggest getting a copy of your credit report. If you place a fraud alert on your credit report, you will get a free copy of your report along with the alert. Print it out and keep it handy.

Get registered on a site, such as LifeLock (www.lifelock.com), which will protect your identity from being stolen. There is a cost for membership, but the fee is absolutely worth it if you are worried about your information being used by someone other than yourself.

In conclusion, protect yourself when using the internet and using your personal information. It's now easier than ever for thieves to steal your identity. Being smart about it will prevent it from happening.