Friday, October 22, 2010

Victim

Many people have fallen victim to online scams through phishing or other various methods. At my job I deal with this on a regular basis, and although I've never fallen victim to it, I've talked to many who have.

I've seen many customers fall victim to phishing attempts where the scammer pretends to be from my company. The email tricks them into replying with their password or billing info. In this case, it's almost always their password. The scammers use the password to log in to their account with us, and then create more email addresses under that customer's account. They use these emails to scam more people; it's an endless cycle. Each account we have can make up to 9 free mailboxes; the spammers know this and take full advantage.

As a result of the successful phishing attempt, the customer's account is usually suspended due to a violation of our Terms of Service. The account is flagged for suspicious/spam activity, even though the customer didn't do it. They call us wondering why they can't access the internet, and that's when we figure out that they fell for the scam, giving their password out, and ultimately getting their account deactivated. We reactivate their accounts, but we tell them to delete or report the scams, and to never respond.



Saturday, October 9, 2010

Protect yourself

Upon reflecting on what I've learned in my security class, I've come to the conclusion that the world is a brood of vipers waiting to strike the unsuspecting and helpless.

I'm not saying that everyone is wicked or some other outlandish claim. However, this material reminds me that the world can be a dangerous place and the internet is not exempt from that danger.

Identity theft/fraud has been huge for years, and won't likely go away. At work I often speak to customers who have fallen victim to phishing attempts, giving out their password or billing information freely because they believed the request to be from a trustworthy source. Usually within days or even hours of giving up that information, the customer has felt the consequences.

There are things we can do to lessen the likelihood of falling victim to identity fraud.
  • Don't walk around with your Social Security #, and certainly do not freely give it out. If a company requires your SSN, make sure you find out why before you give it up. Sometimes there's no way around it, but if a man at the grocery store wants your SSN, there's something shady going on.
  • Don't fall victim to phishing attempts. No legitimate company is going to email you asking for your password or account info out of the blue. The company sets up your password, why would they need it from you? If you receive any email from what claims to be your bank, call them to verify the legitimacy. However, do not call any numbers listed in the suspicious email, as this would just be someone attempting to social engineer you out of your information, and since you believe it to be the bank, you wouldn't be skeptical. Call the actual establishment and chances are they will tell you right there that the email is bogus.
  • Check URLs in your address bar... make sure the sites you think you are visiting are actually where you ended up. Scam artists can make a page look exactly like your bank's, or any other site, and trick you into putting in valuable information.

The biggest one for me to remember is making sure I'm running security software. I'm an IT guy, so it shouldn't be an issue... but sometimes it's hard to remember to follow what you teach. Also, for people who are into computers, sometimes we feel as though it won't happen to us because "we know what we're doing". The smartest computer tech in the world will probably still get a virus at some point. The systems we use are vulnerable and are being exploited all the time.

We need to watch what information we're putting out there.