Spam and E-mails Frauds

Este tema en español

Unsolicited commercial e-mail, usually called spam, is not just unwanted, it can be offensive. Pornographic spam causes many consumer complaints. Decrease the number of spam e-mails you receive by making it difficult for spammers to get and use your e-mail address.

  • Never reply to a spam e-mail. 
  • Don't use an obvious e-mail address, such as JaneDoe@isp.com. Instead use numbers or other digits, such as Jane4oe6@isp.com.
  • Use one e-mail address for close friends and family and another for everyone else. Free addresses are available from Yahoo! and Hotmail. You can also get a disposable forwarding address from the Spam Motel. If an address attracts too much spam, get rid of it and establish a new one.
  • Don't post your e-mail address on a public web page. Spammers use software that harvests text addresses. Substitute "janedoe at isp.com" for "janedoe@isp.com." Or display your address as a graphic image, not text.
  • Don't enter your address on a website before you check its privacy policy.
  • Uncheck any check boxes. These often grant the site or its partners permission to contact you.
  • Don't click on an e-mail's "unsubscribe" link unless you trust the sender. This action tells the sender you're there.
  • Never forward chain letters, petitions or virus warnings. All could be a spammer's trick to collect addresses.
  • Disable your e-mail "preview pane." This stops spam from reporting to its sender that you've received it.
  • Choose an Internet Service Provider (ISP) that filters e-mail. If you get lots of spam, your ISP may not be filtering effectively.
  • Use spam-blocking software. Web browser software often includes free filtering options. You can also purchase special software that will accomplish this task.
  • Report spam. Alert your ISP that spam is slipping through its filters. The Federal Trade Commission (FTC) also wants to know about "unsolicited commercial e-mail." Forward spam to spam@uce.gov.

Be Suspicious of Mass E-mails

Many mass e-mails contain false alarms, misleading requests for donations or fictitious offers of money and free goods. You can check the validity of almost any mass e-mail at the Snopes website. Don't forward an e-mail unless you're sure that it contains accurate information. Not only do such e-mails confuse recipients, they are often used to collect e-mail addresses for spammers.

Phishing

Phishing is a scam where criminals fraudulently obtain and use your personal or financial information. Here is how it works:

  • You receive an e-mail that appears to originate from a financial institution, store or company you do business with, or government agency.
  • The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link in the message.
  • The link appears to be to the web site of the financial institution, store or company you do business with, or a government agency. But in "phishing" scams, the web site actually belongs to the criminal.
  • Once you are inside the fraudulent web site, you are asked to provide Social Security numbers, account numbers, passwords or other information used to identify you.
  • When you provide the information, the criminal can access your current financial accounts or create ones using your identity.

Here are some tips from the U.S. Computer Emergency Readiness Team to help you avoid becoming a phishing victim:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about your personal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
  • Do not reveal personal or financial information in emails, and do not respond to email solicitations for this information. This includes following links sent via email.
  • Don't send sensitive information over the Internet before checking a web site's security (see Protecting Your Privacy for more information).
  • Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).

E-mail Data Breach

Do you ever share your e-mail address with your favorite retailer to be notified of sales, coupons, and new arrivals? What happens if the company’s e-mail database is hacked? You should receive a notice from the company to let you know about the data breach. After that, you may see an increase in phishing e-mail you receive. Your best advice is to “do nothing”: don’t respond or verify personal information.