- Requests for personal information. Most money processor like banks, credit card and online payment processor like PayPal already have all your information in the system. If you do get a request for personal information even if its for real, call the company and make sure the request is legitimate.
The best way to make a local verification (where the company has an office in your country) is to ask for the callers extension and you make the call back through the general line and ask the line be pass to the officer's extension.
For the case of PayPal, if PayPal doesn't have a local office in your country, you can always logon or sign in via PayPal's official website. You should be able to make all the necessary verification in your PayPal user account.
- Immediate action needed warnings. Phishers often attempt to get people to respond within a short time frame. To do this, the message conveys a sense of urgency often relates to "Your money is at stake"! Do it now or lose your money urgency is the most common push for action to get many unsuspecting receipient to take immediate action and click on the link provided in the scam email out of convenient.
- Mistakes. The little things can often reveal the biggest clues. Phishers often slip up on the finer details and overlook typos, mistakes in grammar, and so on. Be a bit more observant and you should be able to spot the sign.
- Addresses you as “Customer, Member or email owner”. These institutions already have your information and they would love giving their customer a warm welcome by addressing their customers by name. If you're not being address by real name, it's likely a phising attempt is in progress.
- The words “verify your account.” is the most common sentence call for action phisher used. A legitimate business will not ask you to send passwords, logon names or any sign on information via email. Be suspicious of message that asks for private information, even if it is real you can always sign on to your account via the official sign on page. So you're not in anyway in a hurry.
- The phrase “Click the link below to gain access to your account.” HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name, but the link you see is actually taking you to a phony Web site.
What are the best practice to a safer online computing?
- When you first sign up to any legitimate provider, they would normally send corresponding email via company email. Take note of the sender's domain name. Most likely genuine correspondence would be using the same domain name.
- Always use separate email for banking needs and another for other correspondence.
- Almost all legitimate payment prosessor have 'https' for sensitive sign on in its url. Scam sites are often being hosted on free hosting sites which do not have https access.
What To Do if You Receive an Email Like This
- DO NOT respond to the email or enter any personal information. Remember, you're always NOT in a hurry to fix up things even if your account are really in need to do so. Take your time to correspond and clarify with PayPal or your bank.
- Forward the email to firstname.lastname@example.org for PayPal related phishing. All banks with online banking facility do have contact to counter scamming relates to them, forward them a copy for further action.