By Christine Frietchen on February 5, 2012 in
If you've noticed an uptick of spam in your junk mail folder lately, you're not alone. Scammers go into overtime around the holidays and into tax season, aiming to trick you into forking over personal information. These email sneak-attacks are called "phishing" and it's nothing new. What is new this year is that a lot of the bogus emails look like they're coming from banks, software companies and tax-preparation firms, hoping to trigger your click by making you think you won't get your tax refund or that there's been an error on your tax return. Here's how not to get suckered.
Phony emails from banks, software companies, tax-preparers
Interesting: In the last few days, I've received emails from Intuit, HSBC, H&R Block and Wells Fargo, all instructing me to update my tax information immediately so as not to delay my income tax refund. Funny thing is, I don't use any of these services. I was suspicious, and you should be too. No matter the knee-jerk subject line, if you've received an email from an institution you don't have a relationship with, that's your first clue that it could be a phishing scam.
Further red flags
If you think an email from a financial-services company might be the real thing, don't click on anything yet. Take a moment to look for more clues.
- Generic salutation? Run away! One of the emails I received from "FedEx" addressed me as "Hello, Dear!" Similarly, if the salutation is "Dear valued customer" or something similar, it's a fake. A company with which you have an account or have done business with will address you by name.
- "Act now!" and "Urgent!" = probably not. The subject lines of these emails usually warn of some impending crisis: you won't get your tax return, your banking information is wrong, your account is being cancelled, etc. Scammers want to scare you into clicking on their link or opening an attachment.
- Other people copied on the email? Hit delete. A lot of the junk I've been getting has anywhere from three to 15 other email addresses copied on the email. Spammers probably are trying to maximize their effort, but for you it's a red flag. A legitimate financial institution won't copy anyone else on an email to you.
- Attached zip file? Zap it fast. Real companies won't send you attachments unless you've asked for them. And be really wary of attached zip files, which can contain bad-news executable files, potentially installing a virus on your computer.
- Funky grammar? Junk it. Here's a fine example from a spam email I received from "Intuit" asking me to update my tax info. Has anyone used the word "partaken" in the last 50 years? "To provide you better quality of service; INTUIT INC. has partaken in the Internal Revenue Service [IRS] Name and TIN Matching Program."
- Only one link option? Steer clear. I get solicitation emails all the time -- wanting me to buy something, or sign up for a service. Those emails may be annoying, but they aren't scams; those solicitations always include instructions on how to unsubscribe, where to go for more information, and a link to the company's privacy and email policy. But phishing emails often give you only one option: You must open the attachment or click on a single link.
Certainly, not every annoying email is a phishing email, out to steal your personal information or entice you to click on a dangerous link. But for any unfamiliar sender that makes it through your spam filters, it's worth pausing before clicking. Once you recognize the most common red flags, trashing these emails will become old hat.