Phishing Email

Ho ho ho.  It is that time of year to be jolly.  And apparently when phishing emails are taken to the next level.  Four phishing emails have made it past my spam filter in the past two days.

I received this email while I was catching up with a dear friend at lunch today.  Panic hits when the amount charged is seen [“OMG.  Seriously?  $8599?”] and the immediate response is to click the button, “No, speak with an agent.”  Quickly.  Immediately without passing GO.

But, wait a minute.  Let’s take a closer look at the email.  
Look at the image and tell me one thing that should tell you it is a fraud.

 

Have you found it?   

The first thing I did was point my mouse cursor to the buttons to determine where it would direct me to should I click on them.  “rawdietscpa.com/express/validation” for both of them.  Interestingly enough, the customer service link at the bottom redirected to the same website link.

Ok.  This is a phishing email to gain confidential information, more specifically, your credit card information so that the next time you get a message, it really will be from American Express about a fraud on your card.

But what should have caught my immediate attention is the Attempt Date.  I have cards issued in the United States, not Europe, the UK or Canada.  The date is in a European format.

If you get a fraud alert, typically the last four numbers of your Account are showing in the Account Ending field.  The fact that it is grayed out here also alerted me to it being fraudulent.  

When I moved my mouse cursor to the buttons at the top of the email, none of them are active:  View Account, Make a Payment or Manage Preferences.  

I did NOT click on any of the links.  First, I do not want them to know that I received the email and thought it might be valid.  Secondly, I do not know the website and I am unwilling to place my computer at risk.

So what’s the take away?

Take time to evaluate any email from a bank, lending agency, credit card company, financial institution of any sort.  This includes the Internal Revenue Service.  Look at all the details of the email before clicking anything.  Call the entity by phone before clicking to validate the validity should you still have questions.

Reign in your curiosity.  Once you determine it is fraudulent, do not click anything.  Delete it.

Report the email to the entity via phone.  I had not seen this one before and cannot assume the American Express fraud department has seen it.  I forwarded them a copy.  They can only fight against something if they are aware of it.

In fact, that’s why I’m posting my Wednesday Cogitations Blog early on Tuesday.  You can only fight against that which you know you need to be vigilant against.  It’s helpful to make informed decisions.  And it would be bad timing during the holidays.  What an entrapment.

Protect your holiday purchases by watching your credit card.  Review your statements.  If you shop online, beware of unsecured website purchases.  How do you know?  Here are just a few:

• On the shopping cart page, in the bottom right corner, there will be a closed lock or unbroken key icon.
• The prices won’t be too good to be true.  It is stated low specifically to entice you.
• There is a shipping policy, return policy and a privacy statement very clearly stated.
• No pop-up ads.

If you still have questions about the site, check the Better Business Bureau, or better yet, don’t shop there.  Your gut may be telling you to be cautious for a reason.

In the meantime, shop away but be cautious.  What may be a great deal may be far more costly than you realize.

Well, this was certainly not the cheery blog I had planned on this week but wanted you to be aware.  I might just have to post my cheery note sooner than next week anyway!