Dangerous Scams - Phishing Attacks
Phishing is one particularly misleading and dangerous type of Spam the state workforce will encounter. Phishing messages have the following characteristics:
- They are unsolicited.
- They contain an urgent requests for personal financial information.
- To entice a response, they frequently contain exciting or upsetting statements.
- They will purport to be from a legitimate business (banks, PayPal, e-Bay, etc.)
- They are generally not personalized, though they can be.
- You may be directed fill out a form in the email, go to a linked website, or call a telephone number.
- The sender will eventually seek some or all of the following:
- Date of birth
- Bank account
- Social security number
- Login ID and password
The goal is to fraudulently gain your information and use it for their personal gain. The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet.
What Should I Do If I Receive a "Phishing" Message?
Report the message to postmaster using the instructions for reporting SPAM. Most legitimate businesses will not solicit such information through email. If you believe it is legitimate, call a customer service number (not one listed in the email) or type the legitimate company URL directly into the address line (do not cut and paste from the email).
Phishing Techniques Designed to Trick Recipients
- Realistic looking and sounding messages
- Effective use of legitimate company logos in the counterfeit message
- Using part of a legitimate company name in a phony URL
- Redirected links - phishing emails make it appear as if a legitimate address is being accessed when actually routing to a fake
- Phone systems are now used as part of scams to gather confidential information instead of an electronic form
- Faking the yellow security lock graphic. Typically double-clicking on the lock displays the security certificate
- Spoofing or forging https:// in the URL to give the appearance of a secure site