Avoid Fraud & Phishing Email Scams

Wonderwave Internet filters email from spam and viruses. You still may receive a "phishing" email, requesting you to verify your email account information. Wonderwave Internet did not send you this email, and we would NEVER ask you to verify your email account password in an email. Do not respond to emails looking for account information, (Internet passwords, Banking or Credit Cards). If you have responded to an email phishing request, please call our office immediately at 815-653-7873 so we can change your email account password.

For more information about Phishing scams: emails pretending to be from your bank, credit card company, UPS, Fedex, the IRS, etc:

Do not reply, and do not open the attachment.

Protect your personal information! The IRS does not initiate taxpayer communications through email
 What is phishing? 
Phishing is a scam typically carried out by unsolicited email and/or websites that pose as legitimate sites and lure unsuspecting victims to provide personal and financial information.However, if you have experienced monetary losses due to an IRS-related incident please file a complaint with the Federal Trade Commission through their Complaint Assistant to make that information available to investigators. READ MORE http://www.irs.gov/privacy/article/0,,id=179820,00.html

Phishing Scam Uses UPS, FedEx Emails as Bait
Federal Express does not want your Social Security number. Neither does UPS. Customers have reported receiving emails claiming to be from the shipping companies, warning them that a package went undelivered and asking for information. Or they're sent a link to print out, but instead it downloads a virus. READ MORE http://www.dailyfinance.com/2010/12/19/phishing-scam-uses-ups-fedex-noti...

ACH Fraud becoming ever more clever
ACH (Automated Clearing House)  fraud has become increasingly more sophisticated. It is a serious problem and it’s beginning to have a non negligible economic impact on business. READ MORE http://dorkage.net/blog/2010/04/27/ach-fraud-becoming-ever-more-clever/

ACH fraud scams total $100 million, FBI says
The surge of ACH fraud committed by criminals stealing the online banking credentials of small and midsize businesses has resulted in approximately $100 million in attempted losses, according to the FBI. READ MORE http://searchfinancialsecurity.techtarget.com/news/1373452/ACH-fraud-sca...

ACH email scams with malware in attachments continues
Earlier this week there was a drop off of the previous spam run of fake ACH Payment Canceled emails, all loaded with malware inside their attached files. They were replaced by a blast for FDIC scams. Now, the ACH scam. READ MORE http://www.wizcrafts.net/blogs/2011/09/ach_email_scams_with_malware_in_a...

Spot the Phisher and Do Not Bite

Be skeptical, be suspicious, and if you are not sure, always contact the company being impersonated directly and immediately!

If you get an email claiming to be from a reputable business but asking for private information:

  • Do not reply to the email.
  • Do not submit personal information.
  • Do not click on any links contained in the email. Check the links without clicking.
  • Help law enforcement catch the phisher.
  • Delete the email.
  • Before submitting information on any website, always verify the security certificate.

Recognize And Prevent Phishing In Email

Greeting

The greeting line of a phishing email is typically generic, such as "Dear (Company) Member". Legitimate emails are usually personalized, such as "Dear Isaac Newton". If you have done business with the real company, they know your name. But beware, a phisher may have found your real name by some other means.

The Sender's Email Address

The sender's email address is not a good indicator of the origin of an email. Phishers typically (and easily) forge this field.

Tone

Phishers ask you to update, validate, or confirm your information, often with a false sense of urgency and dire consequences if you ignore it.

  • "We are updating our accounts and need information fast."
  • "An unauthorized transaction has recently occurred on your account."
  • "You may lose your account if you don't update your information."
  • "Please click here to verify your information."

Legitimate companies will usually ask you to call them at a verifiable phone number or ask you to login to their website independently of the email.

Links and URL's -- Always check before you click.

Phishers use deception to try to give the appearance of legitimacy. Look carefully at the link. Forms of trickery include:

  • "@" in the URL (link), probably near the end

    Your browser might ignore all characters preceding the @ symbol in determining the actual web address; the real web address follows the @, which may be hidden at the end of a very long URL.

    http://www.company.com:crafty... ...long... ...string@www.scammer.com

    You see the company.com part. This URL really goes to www.scammer.com, which you can't see because the URL string is so long it goes out of the display. Check the URLs without clicking.

  • letter-number substitutions, such as letter O, number 0 or letter l, number 1.
  • company name compounded with some other word, such as http://companytrustme.com. Just because it has the company name in it does not mean it is from that company.

Legitimate companies use secure domain names (such as https://www.company.com) whenever sensitive information must be transfered. Never log into a company through a link in an email unless you are expecting a verification notice and you are sure it is from that company. Before submitting any information on a website, always verify the security certificate first.

Clicking on a fraudulent link can net the Phisher his catch, and you and your computer are the phish.

Emails that Look Like Websites

Phishing emails may look like websites and try to get you to enter your personal information. Legitimate companies will never ask you to enter personal information in an email.

Style of Writing

Phishers often use poor spelling, bad grammar, missing words and logic gaps, in an attempt to get around spam filters. Legitimate businesses use proper business communication, and while they may not be perfect, the writing is generally far superior to that found in phishing emails.

Connection Security

When you enter information in a web session, make sure "https://" (a secure connection) begins the URL. Be sure to verify the security certificate. This is not foolproof. Some phishers have forged security icons.

Pop-up Boxes

Legitimate companies do not (or should not) use popups in email, as popups may not be secure

Attachments

Attachments in phishing emails are very dangerous; they may be virus- or spyware-laden. Do not open these and delete them immediately after reporting the scam.

Above all, if you are not sure, always contact the company directly!