REGION – The email from a friend is simple; “Do you have an Amazon account?” Odd question so you check out the sender address and sure enough, it displays the name of your friend. Over the course of the email exchange, your friend explains a problem with his or her Amazon account, asks you to purchase an “e-card” and forward it to a “relative” at an address provided.
Protecting yourself from appearing on the “victims list” is fairly easy. Begin by ensuring that the sender address is actually the address of the friend. Criminals are very good at establishing imposter addresses to fool intended victims, for example, using egreenblott@hotmail.com when the correct address is egreenblott@aarp.org. More important than the address verification, call the friend and ask if the request is real. If it is, I leave it to you to decide what to do. If it’s a scam, report it to the FBI Internet Crime Center at www.IC3.gov.
The real victim of the crime is the person who supposedly sent the message. Here is how the scam plays out. At some point in the past, Dwane – a fictitious name – received an “authentic” email message from his Internet service provider: “A third party has attempted to access your account. Please click here to verify your identity. Without this verification, we will close your account.” Dwane reacted as many of us would by clicking the link in the email. Dwane should have looked at the sender’s email address to see if it was legitimate. An email from a company like Verizon would be addressed from “@verizon.net,” not Gmail, Hotmail, or Ymail.
Dwane, instead, clicked the link in the message and opened a page that appeared to be the Verizon website asking him to enter his ID and password. After doing so, he received a confirmation screen acknowledging verification. In a matter of a few minutes, a criminal managed to obtain access information to an account. Of course, the victim is unaware of what happened.
As the victim or possible victim, there are some critical steps to take. Open your account and check to see if your mail is being forwarded to another address. If it is, copy down that address and disable the forwarding feature. Change your account password to a robust passphrase. Experts differ on the length of a secure passphrase but all agree that it should be no fewer than 12 characters long including upper/lower case letters, numerals, and symbols.
Next, it is critical to report the crime. Preserve the details. Make a copy of the email message noting the date and time it was received, the sender’s address, and spelling or grammar errors. In addition, have handy the email forwarding address noted above as well as the address of the webpage used in the scam.
Two Federal agencies address these crimes: the FBI – www.IC3.gov, and the FTC – www.ftc.gov. Both sites provide reporting forms.
Questions or comments? Email egreenblott@aarp.org. Elliott Greenblott is a retired educator and coordinator of the AARP Vermont Fraud Watch Network.