• Hartwick students working on a project in class.
  • Dewar Union, Hartwick College
  • Yager Bell Tower, Hartwick College
  • Professor discussed Botany with a Student.

Recognizing E-mail Fraud

The Technology Resource Center has seen an increase in e-mail that appears to be from legitimate sources (banks, PayPal, etc.), but the messages ask for personal information. Never share any of your personal information by replying to these e-mails or going to the Web sites they ask you to use. Read this information for tips on how to identify fraudulent e-mail:

Be wary of any seemingly legitimate e-mail request for account information, often under the guise of asking you to verify or reconfirm confidential personal information such as credit card numbers, account numbers, Social Security Numbers, passwords, or other sensitive information.

It's often hard to detect a fraudulent e-mail. That's because the e-mail address of the sender often seems genuine (such as support@yourbank.com), as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent e-mails often try to extract personal information from you (Phishing) in one of two ways:

1. By luring you into providing it on the spot (e.g., by replying to the e-mail), or
2. By including links to a Web site that tries to get you to disclose personal data.

Like the e-mail, a fraudulent Web site is designed to trick you into believing that it belongs to a company you know, by using its brands, domain names, and graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal activities.

Never reply to any e-mail requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an e-mail you are suspicious of, contact the company through an address or telephone number you know to be genuine.

If you suspect that you have provided confidential account or personal information to a fraudulent Web site, change your password immediately, monitor your account activity frequently, and report any suspicious activity to the real company--using an address or phone number that you know to be genuine.

The Department of Justice recommends following three simple rules when you see e-mails or Web sites that may be part of a "phishing" scheme: Stop, Look, and Call.

Stop: Phishers typically include upsetting or exciting (but false) statements in their e-mails with one purpose in mind. They want people to react immediately to that information by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the e-mail may be, there is always enough time to check out the information more closely.

Look: Look more closely at the claims made in the e-mail, think about whether those claims make sense, and be highly suspicious if the e-mail asks for your personal information such as account numbers, usernames, or passwords. For example:

• If the e-mail indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers' account numbers in their records. Even if the e-mail says a customer's account is being terminated, the real bank or financial institution will still have that customer's account number and identifying information.

• If the e-mail says that you have won a prize or are entitled to receive some special "deal," but asks for financial or personal data, be highly suspicious. Legitimate companies that want to give you a real prize don't ask you for extensive amounts of personal and financial information before you're entitled to receive it.

Call: If the e-mail or Web site purports to be from a legitimate company or financial institution, call or e-mail that company directly and ask whether the e-mail or Web site is really from that company. To be sure that you are contacting the real company or institution where you have accounts, credit card account holders can call the toll-free customer numbers on the backs of their cards, and bank customers can call the telephone numbers on their bank statements.