He’s lurking behind the swings with a smile, offering to give you a big push. . . he’s hiding under the slide. . . he’s ready to knock you off the monkey bars. He’s an internet predator and you need to protect your portable career abroad from him. . .
A couple of days ago I was vividly reminded of how important that protection is, especially when you’re living and working overseas.
Contracting a computer virus is a horrible experience. It’s even more horrible if you’re in another country where expert help in your language for your equipment might be hard to find or nonexistent.
No matter what virus protection software you run, your first — and best — line of defense against hackers, scammers, malware developers, phishers and viruses is your own common sense.
The Come On
Before he scams you, a con artist needs to entice. He appeals to your greed, your lust for something you want, or your fear.
In this instance, fear was the weapon of choice.
I’m not a morning person. Recently I’ve developed the habit of easing into my day by reading email on my smart phone before I get out of bed. I can dispose of the unimportant stuff quickly, and think about what’s waiting in my inbox while I get ready to face the day.
Imagine my surprise when I found an email from the Better Business Bureau telling me a customer had complained and inviting me to open the attached zipped pdf file for details. . .
At first glance it looked very official. Scary, even.
But then, even though I wasn’t totally awake, alarm bells started ringing — in addition to the panicky “OMG, who could have complained, what did I do” sorts of thoughts.
What Does an Internet Predator Look Like?
Just as we teach our children not to talk to strangers and what to do if someone is inappropriate with them, we need to teach ourselves to recognize the signs of a fraudulent come-on and know how to best handle it.
I saw several red flags right away:
- The time stamp on the email was 1:07 AM on a Saturday morning. While it’s possible the BBB sends out emails in batches during off hours, it got my attention.
- The email was a little strange. Oh, the language looked official enough, but in small print at the top it stated: “Sorry, your email does not support HTML format. Your message can be viewed in your browser” (with a link, of course). But my email, even on my smart phone, does support HTML. Obviously they really wanted me to click through to the website.
- At the bottom was an “unsubscribe” link. You can’t unsubscribe from something you’re not subscribed to, and I certainly never signed up to get emails from the BBB. Yet another attempt to get me to click through.
- What could someone possibly complain about for this website? If they don’t like what I say, they just stop reading. I don’t sell anything, after all.
How Do You Protect Yourself?
Use common sense and scrutinize everything that hits your email box carefully. Companies you do legitimate business with often post their policies about email activity, so take a few minutes to acquaint yourself with what’s normal for them — especially financial sites like PayPal, your bank, credit card companies, etc.
For example, PayPal posts this information:
“Should I trust that email?
An email from PayPal will: Address you by your first and last names or your business name
An email from PayPal won’t: Ask you for sensitive information like your password, bank account, or credit card”
So I know if I get an email that looks like it’s from PayPal but it doesn’t include my full name, it’s not legit.
Malicious Links
Depending on your email program, you may be able to see hidden information about the links in the email without clicking on them. Some allow you to hover your mouse over the link and they’ll show you the code behind it. If it doesn’t match what the link says, don’t click!
Or, if you know some HTML, you can look at the email’s source code (check the help function in your email program to find out how).
Attachments
While you can’t always protect yourself against links to bad websites, you certainly control whether you open email attachments.
Attachments can deliver viruses and malware to your computer and wreak all sorts of havoc. You should be very cautious about opening email attachments.
How To Defend Yourself
- I never click a link from an email to a financial site. It’s just not worth the risk. If I get a notice that my latest credit card statement is available online, I open my browser and type in the site’s URL — I don’t click the link in the email.
- Any time I get an email from someone I don’t normally do business with I scrutinize it very carefully. I check the headers to see if they match what’s showing in the email. If they don’t match, it’s trash.
For example, an email link might read “[email protected],” but when you look at the headers you’ll see the real reply-to address is [email protected]
If they do match and it’s offering a link to something of interest, I’ll go directly to the site to see if I can access it without clicking the link.
- I make it a habit to never open an attachment that I’m not expecting — even if I know the sender. That’s because too many viruses take over an email account or “spoof” the sender’s address. If I get an unexpected email with an attachment from someone I know, I always email them back and ask “did you send this and what’s it about” before I open it. Always.
- I check online to see if there are reports of scams related to the email.
When I googled “does the BBB send complaints via email” I came up with this web page on the Better Business Bureau’s official site. The headline read “ALERT: Phishing Scam Uses BBB Name and Logo” and the article described the scam and also contained the information that the BBB does not email complaints.
That’s definitive enough for me, and that email goes right into my trash — after I report it to the BBB’s fraud folks.
Yes, it takes a few more minutes do get through email with this approach. I don’t know about you, but I’d rather spend an extra five minutes to save myself the hours of aggravation and hard work to rid myself of a virus, or to try to recover a stolen identity.
Over the past 3-6 months or so, I’ve received a number of really authentic-looking emails from various entities. Most of them I think were PayPal and I wasn’t sure exactly how to tell if they were real or not, but I used the hover-over-a-link trick and that helped a lot. Some fake emails are a little easier to recognize but they all still cause my heart to skip a beat at first.
LOL, Jodi, I know exactly what you mean about your heart skipping a beat at first. Mine definitely did when I got the BBB scam email!
Great post. You won’t believe how many people fall for those every year. The “work-at-home” scams are also prevalent on pretty much any big job board.
Anything that requires your bank account # to do anything, is probably fake. Even when they talk to you on the phone (that’s how brazen they are).
-Rich Polanco
Well, fortunately I don’t get the phone calls any more. Before we left the US I used to get calls from my phone company from time to time. Invariably they would have “important information about my account” and they would ask me for information so they could “verify they were talking to the right person.” Invariably they would get genuinely outraged when I pointed out — hey, YOU called ME and I am NOT going to give you any information. In fact, you should have to prove to me who you are!! The ironic thing was, it really WAS my phone company. I’d call their customer service number to ask if they had been trying to contact me, and they had. But they never got the who verifies who part of it. . . Sad. . .