Text from the e-mail sounds legitimate enough, but in reality, you may be the victim of a phishing attack. Identity thieves, masquerading as Royal Bank, PayPal, or other financial or Internet companies, try to dupe you into clicking phony links to verify personal or account information. You’re asked for home addresses, passwords, social security numbers, credit cards numbers, banking account information, and so on.
Bottom line: Never click links embedded in suspicious e-mails. When you hover the cursor over a link such as www.paypal.com, it actually leads elsewhere.
To lend authenticity to these appeals, the spoof e-mails often are dressed up with real company logos and addresses, plus a forged company name in the From line (for example, From: firstname.lastname@example.org). Phishing may take the form of falsified company newsletters. Or there may be bogus requests for you to reconfirm personal data.
So how do you know when the e-mail request you’re reading is really a phishing attack?
Obvious giveaways in some fake e-mails are misspellings, rotten grammar, and repeated words or sentences.
No company on the level is going to ask you to reconfirm data that’s been lost.
Reputable companies usually refer to you by your real first and last names and business affiliations rather than Dear Member or Dear PayPal Customer.
If you have doubts that a communication is legit, open a new browser window and type the real company name yourself (for example, www.ebay.com or www.paypal.com.) Your gut instincts concerning phony mail are probably on the mark.
Here’s an excerpt lifted from a phishing attack:
Dear TD Customer,
(URGENT) Your TD Online Banking has been suspended. To unlock your account, click here.