Received a suspicious e-mail? Here's what to do.

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities

Received a suspicious e-mail? Here's what to do.

Postby gkaplan » Wed Apr 03, 2013 7:49 pm

In recent years, many companies have been targeted by sophisticated Internet con artists determined to steal consumers' private information—and their money—through the use of convincing e-mail scams.

Typically, these e-mails claim to be from banks, investment providers, credit card issuers, mortgage lenders, or insurance companies. And while they generally don't address you by name, they may look perfectly legitimate at first glance.

If you receive an unsolicited e-mail claiming to be from Vanguard that requests personal information, please forward it to abuse@vanguard.com immediately.

Messages like this often warn of a "security issue" that needs your immediate attention, and instruct you to click a link in order to verify your identity and correct the problem. The link points to a phony—but realistic—website that asks you to enter your name, Social Security number, account number, password, or other personal information.

Once you enter your information, the damage is done, and the scammer has the power to wreak havoc on your financial life.

The bottom line: Vanguard does not send unsolicited e-mails asking for personal information, nor do we include links with such requests in unsolicited e-mails we send to clients....


https://personal.vanguard.com/us/insights/article/phishing-email-07102012
Gordon
gkaplan
 
Posts: 5327
Joined: Sat Mar 03, 2007 9:34 pm
Location: Portland, Oregon

Re: Received a suspicious e-mail? Here's what to do.

Postby kitteh » Thu Apr 04, 2013 8:35 am

Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.
kitteh
 
Posts: 194
Joined: Fri Mar 15, 2013 1:13 pm

Re: Received a suspicious e-mail? Here's what to do.

Postby The Wizard » Thu Apr 04, 2013 9:04 am

kitteh wrote:Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.

Those old Nigerian email scams are just the SETUP for the more sophisticated Ukrainian scams.
I agree on the link hovering...
Attempted new signature...
The Wizard
 
Posts: 6383
Joined: Tue Mar 23, 2010 2:45 pm
Location: Reading, MA

Re: Received a suspicious e-mail? Here's what to do.

Postby VictoriaF » Thu Apr 04, 2013 9:07 am

The Wizard wrote:
kitteh wrote:Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.

Those old Nigerian email scams are just the SETUP for the more sophisticated Ukrainian scams.


Not necessarily. See Cormac Herley's (Microsoft research) paper "Why do Nigerian Scammers Say They are from Nigeria?" (PDF). The scammers intentionally drop hints (Nigerian origin, poor spelling, logical flaws) to filter out intelligent readers and catch the most gullible ones. That greatly improves their "yield".

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
VictoriaF
 
Posts: 12100
Joined: Tue Feb 27, 2007 8:27 am
Location: Black Swan Lake

Re: Received a suspicious e-mail? Here's what to do.

Postby tadamsmar » Thu Apr 04, 2013 10:39 am

From Vanguard (copied from the OP):
The bottom line: Vanguard does not send unsolicited e-mails asking for personal information, nor do we include links with such requests in unsolicited e-mails we send to clients....


From Vanguard on April 1:
Dear [my name]:

Your most recent mutual fund account statement is available on vanguard.com.

The safest way to view your account statement is to follow these steps:

1. Go to vanguard.com and log on to your account.


Where "vanguard.com" is a link with a request for personal information.

I got 9 emails from Vanguard in March that were unsolicited by me and unexpected. I make it a policy to trust none of them, but I checked a couple just now and they had links to the Vanguard homepage where it asked for my username.

I avoid using these links to login to Vanguard. At the minimum one should carefully check the url of the link, but that is tricky because good phishers used links that look real if you don't inspect them closely. I just don't want to bother to take the time to inspect the url and I don't want to risk getting into the habit of quickly clicking on a link in an email that I did not solicit.

I have been aware that Vanguard claims to not do this for a long time. I emailed them complaining about this practice long ago.

:annoyed
Last edited by tadamsmar on Thu Apr 04, 2013 1:15 pm, edited 1 time in total.
User avatar
tadamsmar
 
Posts: 6221
Joined: Mon May 07, 2007 1:33 pm

Re: Received a suspicious e-mail? Here's what to do.

Postby JamesSFO » Thu Apr 04, 2013 10:46 am

tadamsmar wrote:Where "vanguard.com" is a link with a request for personal information.


Your email client may be CREATING that link...
User avatar
JamesSFO
 
Posts: 2082
Joined: Thu Apr 26, 2012 11:16 pm

Re: Received a suspicious e-mail? Here's what to do.

Postby tadamsmar » Thu Apr 04, 2013 11:01 am

JamesSFO wrote:
tadamsmar wrote:Where "vanguard.com" is a link with a request for personal information.


Your email client may be CREATING that link...


I got one on March 22 called "Responding to bond market uncertainty" It has 2 links to the home page and neither was a plain text url like "vanguard.com". One was "Vanguard homepage" at the top of the email. The other was "home" at the bottom of the email. Both take me to the homepage where you put in your username to login to Vanguard.

I assume anyone who is a Vanguard client can easily confirm that there are links in vanguard emails that take one to web pages that ask for personal information.

I recommend that Vanguard clients should never trust these links. In my opinion, it takes too much time and discipline to confirm the link is real, and its better to completely avoid the phishing risk.

Correction: the link at the top is an image link using image of the Vanguard ship logo and the trademarked word Vanguard. My email does not automatically display the images so I had to force them.
Last edited by tadamsmar on Thu Apr 04, 2013 11:58 am, edited 1 time in total.
User avatar
tadamsmar
 
Posts: 6221
Joined: Mon May 07, 2007 1:33 pm

Re: Received a suspicious e-mail? Here's what to do.

Postby The Wizard » Thu Apr 04, 2013 11:18 am

VictoriaF wrote:
The Wizard wrote:
kitteh wrote:Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.

Those old Nigerian email scams are just the SETUP for the more sophisticated Ukrainian scams.


Not necessarily. See Cormac Herley's (Microsoft research) paper "Why do Nigerian Scammers Say They are from Nigeria?" (PDF). The scammers intentionally drop hints (Nigerian origin, poor spelling, logical flaws) to filter out intelligent readers and catch the most gullible ones. That greatly improves their "yield".

Victoria

A good place to learn more about these scams and what some folks are doing about them is www.419eater.com
Attempted new signature...
The Wizard
 
Posts: 6383
Joined: Tue Mar 23, 2010 2:45 pm
Location: Reading, MA

Re: Received a suspicious e-mail? Here's what to do.

Postby Mill » Thu Apr 04, 2013 11:39 am

I get phish emails from someone impersonating a manager at FedEx regularly. Most companies with an online presence will have a fraud department that deals with unsolicitated phish emails, impersonators and the like. I advise anyone to report these emails to the appropriate company fraud team for investigation. (google search the company being impersonated, click contact, and the spam or fraud team info usually lists an email address to which you can report suspicious emails.)

There are way too many billions of dollars that get stolen from innocent people like this, and you can do your part to help fight it by just clicking the forward button.
Mill
 
Posts: 209
Joined: Tue Dec 22, 2009 9:04 pm
Location: Arkansas

Re: Received a suspicious e-mail? Here's what to do.

Postby kitteh » Thu Apr 04, 2013 11:51 am

Mill wrote:I get phish emails from someone impersonating a manager at FedEx regularly. Most companies with an online presence will have a fraud department that deals with unsolicitated phish emails, impersonators and the like. I advise anyone to report these emails to the appropriate company fraud team for investigation. ...

There are way too many billions of dollars that get stolen from innocent people like this, and you can do your part to help fight it by just clicking the forward button.


I don't know if this does any good. What's the company going to do?

I reported crooked telemarketing calls to the Do Not Call list until I was blue in the face with no result, so I eventually stopped doing it. I have my ISP's spam filtering turned off, so I see stuff come in marked spam that is perfectly legitimate email. I reported that to them for awhile, but it has not decreased the incidence of this. You'd think they'd at least have a white list.
kitteh
 
Posts: 194
Joined: Fri Mar 15, 2013 1:13 pm

Re: Received a suspicious e-mail? Here's what to do.

Postby Phineas J. Whoopee » Thu Apr 04, 2013 2:57 pm

My personal favorite, of the ones I've received and bothered to read, came about three years ago when they said my details had appeared on an online marketplace for stolen identities, and I just needed to confirm a few pieces of (very sensitive) information to them so they could remove it.

PJW
User avatar
Phineas J. Whoopee
 
Posts: 2768
Joined: Sun Dec 18, 2011 7:18 pm

Re: Received a suspicious e-mail? Here's what to do.

Postby Mill » Fri Apr 05, 2013 12:07 pm

kitteh wrote:
Mill wrote:I get phish emails from someone impersonating a manager at FedEx regularly. Most companies with an online presence will have a fraud department that deals with unsolicitated phish emails, impersonators and the like. I advise anyone to report these emails to the appropriate company fraud team for investigation. ...

There are way too many billions of dollars that get stolen from innocent people like this, and you can do your part to help fight it by just clicking the forward button.


I don't know if this does any good. What's the company going to do?

I reported crooked telemarketing calls to the Do Not Call list until I was blue in the face with no result, so I eventually stopped doing it. I have my ISP's spam filtering turned off, so I see stuff come in marked spam that is perfectly legitimate email. I reported that to them for awhile, but it has not decreased the incidence of this. You'd think they'd at least have a white list.


If nothing else, the more reports of fraud attempts that a legitimate company receives through emails from concerned customers, it might actually prompt them to take the imposters seriously. Fraud teams are skilled at killing faker websites, tracking the fraudsters, shutting down email addresses and increasing the legitamate companys all-around security.
Mill
 
Posts: 209
Joined: Tue Dec 22, 2009 9:04 pm
Location: Arkansas

Re: Received a suspicious e-mail? Here's what to do.

Postby likegarden » Fri Apr 05, 2013 5:47 pm

I simply do not answer to any of that stuff. Since I am retired I am also getting all kind of phone calls from people who try to sell something to older people which also is scam. So we do not pick up any of those calls. It also seems that those people who started 10 years ago to tell me via Email about having won a Hongkong lottery and that guy from Nigeria who had a business proposition have finally gotten the message and no longer send Emails. My advice is simply do not read bad Emails (delete them) and do not pick up bad phone calls, do not worry about it and do not respond.
likegarden
 
Posts: 1243
Joined: Mon Feb 26, 2007 6:33 pm


Return to Personal Consumer Issues

Who is online

Users browsing this forum: Google [Bot] and 50 guests