Data Doctors: How to recognize and avoid email scams

I received an odd email asking me to confirm info on two transactions. Email said I had requested the info, which I had not. I hit spam. Is this related to Target problem?

The scam message could potentially be associated with the Target breach, but that's not likely, as the thieves who compromised the 40 million accounts pretty much got away with everything they needed to make fraudulent purchases.

Email scams tend to be a ‘phishing’ expedition by scammers who are looking to gain the information necessary to take advantage of random victims. Email is a very efficient way to send out tens of millions of cleverly crafted messages that incorporate social engineering tactics that can fool even the most diligent of users.

Social engineering is designed to exploit weaknesses in people instead of vulnerabilities in your computer; think of it as hacking humans.

For instance, saying that you had requested the information will sometimes cause victims to assume that it's legit and let their guard down.

Another version of the scam might alert you that your credit card has been shut off until you verify the questionable charges, which you can do by clicking the enclosed link.

If they can get you to trust the information and include an easy way to resolve the situation (usually a link to a site that would look exactly like your financial institution's site), it can all seem like business as usual.

I'm not aware of any credit card companies that would ever use email to alert you to potentially fraudulent activity on your account. It's usually a phone call or, in some cases, an app that you chose to install on your smartphone or tablet.

Even phone calls from what seems to be your credit card company can be scammers trying to get you to give up the three-digit security code on the back of your card, because they acquired your credit card number and contact info and need the code to use your account to make online purchases.

Once again, the credit card company wouldn't ask you for that code, since they already know what it is. They'll generally ask you a series of security questions that may include the last four digits of your social security number or a security code that you set up yourself.

The biggest problem with social engineering scams is that they are constantly changing to reflect what credit card companies are setting up as security measures, which makes them difficult to protect against with simple advice.

Email is still the most productive way for scammers to gather victims, so your suspicion level for anything you get from what appears to be a bank, credit card company or merchant should always be high.

This focus by cybercriminals on email scams is a really good reason to seek out a mobile app from your financial institution so you can always directly communicate with them from a trusted interface.

Even when you think an email message is legit, you should avoid clicking on any of the links. Instead, call the company or open a browser window yourself and manually go to the company's website or use your mobile app and access your account.

If the info sent via email is legit, it will show up when you log into your account or mobile app or call the number on the back of your credit card.
