A Cautionary Tale - Careful You Don't Get Phished Out!
By: Dr. Ralph Levinson
In the past two months I have received e-mails notifying me of the following situations:
1. My e-mail address and account at Shaw will be cancelled if I do not verify my address, date of birth and social insurance number immediately;
2. The information on my bank account is out-of-date and must be updated or verified within 48 hours or my account will be closed, from the TD Bank, Scotia Bank, HSBC, DFS, National Bank and BMO;
3. The security department of MasterCard has detected suspicious activity on my account and requires that I confirm the account number and password immediately to prevent criminals from using my card;
4. I won a lottery in the Virgin Islands and to get the $120 million pounds sterling I just had to send some money to expedite the cash transfer;
5. I received a notice that a DHL parcel could not be delivered to my home until I pre-paid the delivery fees on-line;
6. My distant relatives in Scotland require my immediate financial assistance to bail them out of a jam or they will lose their home; and
7. A very devout missionary in Africa has been wrongly put in jail and needs only $10,000 from me to get out.
Phishing: the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
None of these are legitimate. These are all bogus e-mails! My first clue that these e-mails are suspicious is that I do not have a TD, Scotia, HSBC, DFS, National or BMO bank account, or a MasterCard. I did not buy a lottery ticket in the Virgin Islands; I am not expecting a parcel delivery; nor do I have relatives in Scotland. I do have accounts at other institutions, a couple of credit cards, relatives in foreign countries and I do receive parcels via couriers. In the past I have received e-mails purporting to be from them. They too were phishing attempts and I deleted them.
In the past I have received other e-mails where I did not even read more than the introductory line before I recognized them and deleted them. If you have e-mail, chances are you receive these types of e-mails just as I and millions of others do. It is known as phishing. It is fraud. Criminals are using the power and anonymity of the Internet to attempt to steal personal information and use it to rob people like us. We must all become more wary of unsolicited e-mails. They are the tools of the snake oil salesmen of the current age.
Such e-mails can originate from almost anywhere in the world. Most come from places that are out of reach of our law enforcement. However, they could originate, just as easily, in a house down the street from you.
The senders want us to think they are a company with which we do business, or that we are kind people who will help them out of a jam. In phishing that is the bait. They make the assumption that a number of the recipients will have accounts at the financial institutions named in their e-mail. To make the bait more attractive the perpetrators copy the look and logos from the institution they are impersonating. They ask us to update or verify the information they already have in their records, or make a payment for services, or, as is the case with the "relatives in a jam" e-mail, simply send them money.
What is amazing is how many people take this bait. I have read that two or three percent of these e-mails receive responses. Considering the hundreds and thousands of phishing e-mails sent, a very small response can amount to thousands of bites for the perpetrators.
These general phishing e-mails tend to have the following features in common:
- The e-mail is unsolicited;
- The "to" e-mail address line does not contain your name;
- The "to" e-mail address may not be yours;
- The body of the message does not have your name in it;
- You are urged to respond quickly, usually within 48 hours; and
- You are asked to use the link in the e-mail to respond.
A trick in the bait is that the response address appears to be at the institution they are impersonating. If you look carefully, it may not be exactly the same as the website address of the institution to which the e-mail refers. The "from" e-mail address is always fake, often an address they have borrowed. A very sophisticated trick that phishers use is to make the e-mail appear to come from someone you know or an employer or institution at which you may have or had a relationship. Another trick they use is to have you click on what appears on your screen to be a legitimate Internet address which then takes you to a fake site that impersonates the real one.
So, the best advice is: do not ever respond to suspicious e-mails. You will rarely hear from them again unless you reply to them. They do not stay put long enough to follow up. The senders are swindlers and they keep sending thousands and thousands of e-mails because some people do respond with the information they request. They keep a few steps ahead of the police.
What phishers typically ask for is your bank account numbers, credit card numbers, usernames, passwords, PIN numbers, date of birth, SIN and addresses.
Amazingly, people do reply and send their bank account numbers and PIN numbers and some actually send money. Legitimate businesses do not send e-mail asking for this information. It is just the data required to enable these thieves to charge expensive items to your credit card, take all of the money out of your bank account or to steal your identity.
The crooks who use phishing to separate you from your savings have been upgrading their skills.
It is simply a matter of time until spear phishers figure out how to target retirees. I do not know what targeting retirees on a phishing attack might be called, but I am sure readers could coin a term or two.
The point is BE WARY OF SUSPICIOUS LOOKING E-MAIL.
If it does not look or feel right or if it is from someone you do not know, do not respond to it. If it is from an institution, telephone and ask if they sent you this e-mail. If it appears to be from someone you know but you are suspicious, phone the sender and ask why you received it.
What should you do with phishing e-mails?
Delete them or put them in the trash and then empty it. If they are unusual, report the phishing attempt to RECOIL, a national police task force attempting to combat this type of crime, at http://www.recoil.ca.
I have heard that if you fall victim to these fraud attempts, typically financial institutions will replace the funds in your account. It is very inconvenient and time-consuming to recover funds and even more difficult to restore your financial reputation if it is ruined. Television reports on people whose identities have been stolen paint a gruesome picture of a battle to restore their lives.
For those who have their insurance with Johnson Inc., Unifund Assurance offers a benefit called "ID Restore" as part of their PS Home Plus "gold" and "platinum" insurance coverage. Policyholders should consult with their assigned Johnson representative for details. There is additional information on identity theft on the website: www.identassist.com/idra