Skip to main content.
April 25th, 2005

To be, or not to be scammed

Being a home-based business owner can sometimes be a lonely experience. Visiting online forums and discussion boards as I mentioned yesterday can be a good way to escape the loneliness.

Sometimes this helps and other times it doesn’t. Many new home business owners get so lonely that they relish the times when they receive email. This feeling of excitement will die down over time as you fight off the constant spam that will flood your inbox however. But can you always tell the difference between legitimate email and spam? You’d like to think so, but this may not always be the case.

More and more frequently, thieves trying to steal your identity, financial information, and access to your accounts are getting better at their game of deceipt.

Fake emails and even entire fake websites are built to appear to be sent from your financial institution or online account provider (even your ISP “Internet Service Provider”). These are referred to as “Spoof” or “Phishing” emails and/or websites. The sole purpose of them is to get you to enter your personal information so it can be saved to the thief’s database to steal your money, identity, credit worthiness and/or your life as you know it.

Here is only a partial listing of the types of spoof emails you may receive as they relate to:

Banks
Credit Card Companies
PayPal
Ebay
Mortgage Companies
StormPay

Usually, it’s the html-based emails that are the easiest to get tricked by. That’s because they have the logo of the bank, or PayPal as an example, in the email. Even the underlined hyperlinks only show the name of the company’s website. What the thief does in the background in the html code is where the deception starts.

A basic understanding of the composition of a hyperlink is necessary so you can gain an understanding and appreciation of just how sleezy these thieves can be:

When you read an email that has a link like: www.paypal.com and it appears underlined, what is making the link active is html code. I’ll use PayPal as an example, but the same would be true for any spoof email and/or website for the types listed above. It is written like this:

<a href="www.some-slimebags-spoof-site.com">www.paypal.com</a>

Let’s disect the parts of that html code. The first section within the brackets <> is the code that makes the link active after the closing bracket “>”. It provides the instructions for the link. The link is what appears between the closing bracket of the “a tag” and the opening bracket of the “closing a tag - </a>.” The at the end of the link tells the page where to stop making the link active. The “href” tells the link where to go when it is clicked on. Notice that the href instruction and the name of the link does not have to be the same. Compare href=”www.some-slimebags-spoof-site.com” to www.paypal.com Even though the readable text in your email says “www.paypal.com” that is not where the link will take you.

Now, the deception goes deeper. Many thieves are now using an “IP Address” in place of the domain name in the href tag. An IP Address is an identifying number for the “Internet Protocol Address” of a domain name. Since you couldn’t remember every website by a number, the technology of the Internet assigns a human-readable domain name that resolves itself to an IP Address.

So, an email spoof may have this html coding: <a href=”255.255.255.255″>www.paypal.com</a> Unless you knew the actual IP Address for the PayPal domain, you wouldn’t know that you were going to a spoof website.

To make matters worse, sometimes an email will appear to be a text-only email, but it will just be an image file written in a text font to make it appear to be text and not html. The links would be the same as illustrated above.

Now, when and if you click on the www.paypal.com link, you would arrive at a website that is an exact clone of the PayPal website. The graphics and text would match exactly that of the real PayPal website. However, you would also either click another link to enter your information to “verify,” “validate,” “re-activate” or “update” your personal information that the thief is probably notifying you that it has “expired,” “been compromised” or “temporarily suspended” for some oddball, but believable reason.

If you were to enter your information on that spoof website, your username, password and other personal information would be trapped by the thief and recorded to their database. They may use it personally to raid the funds in your account, and/or they may make more money by selling your information to other theives.

Now, if you find yourself to be the victim of a spoof email, you can visit the company’s website and report the violation. PayPal, for instance, has a Security Center link you can click on at the bottom of their website to report the crime.

This is a SCAM of the worst kind. ABSOLUTELY NO bank, ISP, PayPal, Ebay, credit card company, mortgage company, StormPay, or any other company you have an account with will ASK YOU FOR YOUR USERNAME AND PASSWORD. They already have access to it in their own legitimate database. Some companies may not be able to access your password and in these cases, you would need to log into your account and change the password yourself. You can also use their “lost password” or “forgot password” function and have your password sent to you by email.

If you really think about it, receiving one of these spoof emails should trigger alarms in your brain the same as if your banker called you asking for your account number.

Even if you buy something on Ebay, no Ebay seller should ever have to ask you for your eBay ID and/or password. If you are a customer, they should already have your ID and THEY DO NOT NEED YOUR PASSWORD.

Moving onto passwords and password security. There are precautions you can and should take to protect your passwords. DO NOT EVER use the same password from one account to the next. This is especially true if you’re setting up a new account with a company that you know little about.

You should also change your passwords monthly. When you choose a password, don’t use common words such as password, or the most commonly used “P-A-S-S-W-O-R-D.” Don’t even use words that can be associated with your own name, birth date, street address or anything that a hacker could use to enter into their program to guess your password with. Use random letters and numbers in combination. Make a simple text file in Notepad and maintain a listing of your passwords. This will help you keep track of your random passwords for your different accounts.

I use a program called Mailwasher Pro. This has been a lifesaver for controlling the amount of spam I receive on a daily or even hourly basis. You load the program just like any other program. Enter your email accounts and then download the email from your mail server before you even load it into your email program. You can tag messages to be deleted from your mail server and even bounce the message back to the sender (spammer). The spammer thinks that since they received a bounce on your email address, that it is bad and usually remove it from their list. I have found that I rarely receive second emails from the same spammer after I bounce their messages back to them. And it feels good to hit that “Process Mail” button and bounce the spam back to the spammer. You can learn more about Mailwasher Pro at www.programs2helpyou.com/mailwasher

Until next time, be safe, be smart and enjoy your home-based business success!

Posted by Administrator in General, Skills

This entry was posted on Monday, April 25th, 2005 at 1:15 pm and is filed under General, Skills. You can follow any responses to this entry through the comments RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments are closed.