By Dr. Greg Jorgensen
Rio Rancho, NM – www.gregjorgensen.com
I have exciting news. This will be my last blog post because I am retiring. This past week I received an email from South Africa notifying me that a distant cousin who was pretty high up in the government down there passed away without a will (I would have thought that most millionaires would have wills, but I’m not one to question). Anyway, turns out that I’m his closest living relative and I can lay claim to his entire twenty million dollar fortune just by emailing the trustee (who is an actual attorney) my name, address, social security number, bank account number and routing number, and $2,500 for legal fees. Once he gets that information, he’ll transfer the entire twenty million into my account and I can sell my practice and start traveling!
Obviously, none of us would fall for such a transparent scam as the one described above, and yet within the past month several of our AAO members turned over personal information in an online scam disguised as correspondence from the AAO. Thousands of AAO members received these emails from “email@example.com” notifying them that they had a security message and needed to access their online AAO profile to resolve the problem. Some very educated doctors innocently clicked the link provided in the email and entered their login information and personal data. The problem was that the AAO never sent that email. It just goes to show that it can happen to anyone.
Phishing is a type of online identity fraud in which criminals attempt to obtain personal information through misrepresentation. Pretending to be trusted businesses or organizations like banks, government, or online service providers (AOL, PayPal, etc.), criminals ask unsuspecting users to provide login names, passwords, and account numbers that can then be used to steal money and services. These requests might explain that there is a problem with your account and that you need to reset your password. They might tell you that they received your “recent order” and your account has been charged (BTW, if you didn’t place the order, you can just click on the link and enter all of your personal data to cancel it). They may notify you that your account has been placed on hold until you log in. They may just ask you to log in to your online account and verify the accuracy of the data. Regardless, there is always a hook that makes you think there is a problem, followed by a request for you to follow a link and give them personal information.
Here are some things you can do to avoid being duped:
- Is the email addressed specifically to you or is it generic? Is it to “Dear Dr. Jorgensen,” or is it to “Dear member”? Most phishing schemes involve millions of emails sent to random or collected email addresses where the name of the actual recipient is not known and therefore they are addressed to generic recipients.
- Do you even have an account with the bank or business? Many times the criminals will use random email generating algorithms that just happen to create your email address. If you’ve been contacted by the “Bank of America” about a problem but you don’t have an account with them, that is a dead giveaway!
- Does the email contain poor or incorrect spelling or grammar? Many phishing attempts originate in foreign countries. The probability of the AAO using bad grammar is decreasing all the time! (haha)
- Does the link actually point to the appropriate website? Hover your mouse pointer over (but DO NOT click on) the link provided in the email. Look at the status bar in your email window (usually the lower-left-hand corner) and see where the link will really take you. The link in the AAO email above read “Secure account log in,” but it pointed to “kikmfurniture.com/language/pdf_fonts-/www.aaomemebers.org/Association.html.” The site you would actually reach is the first name in that address, kikmfurniture.com; the AAO-looking name that appears later is only a folder on that site. Hovering lets you see at a glance where the click would take you.
- Even if you think the email is legitimate, it is safest to go directly to the site yourself. Open a browser, log in to your account yourself without the aid of a link, and then see if the problem or request exists on the actual website.
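
The hover check from the list above can also be done mechanically. The following is an added example, not part of the original post: it parses an HTML email body and reports each link's real host next to its visible text. The sample markup, the `http://` scheme and the trusted domain `aao.example` are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: link text and destination as quoted in the post; the
# surrounding HTML and the http:// scheme are assumptions.
SAMPLE_HTML = (
    '<p>You have a security message.</p>'
    '<a href="http://kikmfurniture.com/language/pdf_fonts-/'
    'www.aaomemebers.org/Association.html">Secure account log in</a>'
)
HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, trusted_domains):
    """Report where each link really goes, like hovering over it."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").rstrip(".")
        trusted = any(host == d or host.endswith("." + d) for d in trusted_domains)
        # Host-like names in directory segments are decoration, not the destination.
        lures = [s for s in parts.path.lower().split("/")[:-1] if HOSTLIKE.fullmatch(s)]
        findings.append({"text": text, "host": host, "trusted": trusted,
                         "lookalike_in_path": lures})
    return findings

if __name__ == "__main__":
    # "aao.example" is a placeholder for the organization's real domain.
    for f in audit_links(SAMPLE_HTML, {"aao.example"}):
        print(f)
```

Only the host decides where the browser goes, so a link is treated as trusted only when the host equals a trusted domain or ends with a dot followed by it.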
These are just a few ideas for keeping private information safe. Scammers are trying to exploit every new technology and technique to make a buck. Be careful when you are online. Be equally careful when you receive an Internet link in an unsolicited email.