Received a suspicious e-mail? Here's what to do.

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
gkaplan
Posts: 7034
Joined: Sat Mar 03, 2007 7:34 pm
Location: Portland, Oregon

Received a suspicious e-mail? Here's what to do.

Post by gkaplan »

In recent years, many companies have been targeted by sophisticated Internet con artists determined to steal consumers' private information—and their money—through the use of convincing e-mail scams.

Typically, these e-mails claim to be from banks, investment providers, credit card issuers, mortgage lenders, or insurance companies. And while they generally don't address you by name, they may look perfectly legitimate at first glance.

If you receive an unsolicited e-mail claiming to be from Vanguard that requests personal information, please forward it to abuse@vanguard.com immediately.

Messages like this often warn of a "security issue" that needs your immediate attention, and instruct you to click a link in order to verify your identity and correct the problem. The link points to a phony—but realistic—website that asks you to enter your name, Social Security number, account number, password, or other personal information.

Once you enter your information, the damage is done, and the scammer has the power to wreak havoc on your financial life.

The bottom line: Vanguard does not send unsolicited e-mails asking for personal information, nor do we include links with such requests in unsolicited e-mails we send to clients....
https://personal.vanguard.com/us/insigh ... l-07102012
Gordon
kitteh
Posts: 194
Joined: Fri Mar 15, 2013 12:13 pm

Re: Received a suspicious e-mail? Here's what to do.

Post by kitteh »

Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.
The Wizard
Posts: 13356
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: Received a suspicious e-mail? Here's what to do.

Post by The Wizard »

kitteh wrote:Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.
Those old Nigerian email scams are just the SETUP for the more sophisticated Ukrainian scams.
I agree on the link hovering...
Attempted new signature...
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: Received a suspicious e-mail? Here's what to do.

Post by VictoriaF »

The Wizard wrote:
kitteh wrote:Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.
Those old Nigerian email scams are just the SETUP for the more sophisticated Ukrainian scams.
Not necessarily. See Cormac Herley's (Microsoft research) paper "Why do Nigerian Scammers Say They are from Nigeria?" (PDF). The scammers intentionally drop hints (Nigerian origin, poor spelling, logical flaws) to filter out intelligent readers and catch the most gullible ones. That greatly improves their "yield".

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Received a suspicious e-mail? Here's what to do.

Post by tadamsmar »

From Vanguard (copied from the OP):
The bottom line: Vanguard does not send unsolicited e-mails asking for personal information, nor do we include links with such requests in unsolicited e-mails we send to clients....
From Vanguard on April 1:
Dear [my name]:

Your most recent mutual fund account statement is available on vanguard.com.

The safest way to view your account statement is to follow these steps:

1. Go to vanguard.com and log on to your account.
Where "vanguard.com" is a link with a request for personal information.

I got 9 emails from Vanguard in March that were unsolicited by me and unexpected. I make it a policy to trust none of them, but I checked a couple just now and they had links to the Vanguard homepage where it asked for my username.

I avoid using these links to login to Vanguard. At the minimum one should carefully check the url of the link, but that is tricky because good phishers used links that look real if you don't inspect them closely. I just don't want to bother to take the time to inspect the url and I don't want to risk getting into the habit of quickly clicking on a link in an email that I did not solicit.

I have been aware that Vanguard claims to not do this for a long time. I emailed them complaining about this practice long ago.

:annoyed
Last edited by tadamsmar on Thu Apr 04, 2013 12:15 pm, edited 1 time in total.
User avatar
JamesSFO
Posts: 3404
Joined: Thu Apr 26, 2012 10:16 pm

Re: Received a suspicious e-mail? Here's what to do.

Post by JamesSFO »

tadamsmar wrote: Where "vanguard.com" is a link with a request for personal information.
Your email client may be CREATING that link...
User avatar
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Received a suspicious e-mail? Here's what to do.

Post by tadamsmar »

JamesSFO wrote:
tadamsmar wrote: Where "vanguard.com" is a link with a request for personal information.
Your email client may be CREATING that link...
I got one on March 22 called "Responding to bond market uncertainty" It has 2 links to the home page and neither was a plain text url like "vanguard.com". One was "Vanguard homepage" at the top of the email. The other was "home" at the bottom of the email. Both take me to the homepage where you put in your username to login to Vanguard.

I assume anyone who is a Vanguard client can easily confirm that there are links in vanguard emails that take one to web pages that ask for personal information.

I recommend that Vanguard clients should never trust these links. In my opinion, it takes too much time and discipline to confirm the link is real, and its better to completely avoid the phishing risk.

Correction: the link at the top is an image link using image of the Vanguard ship logo and the trademarked word Vanguard. My email does not automatically display the images so I had to force them.
Last edited by tadamsmar on Thu Apr 04, 2013 10:58 am, edited 1 time in total.
The Wizard
Posts: 13356
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: Received a suspicious e-mail? Here's what to do.

Post by The Wizard »

VictoriaF wrote:
The Wizard wrote:
kitteh wrote:Virtually every suspicious email I've received seems to be written by a non-native speaker of English or is just so otherwise bogus that it's immediately apparent what it is. If there is the slightest doubt, hovering over a link shows it up for what it is.
Those old Nigerian email scams are just the SETUP for the more sophisticated Ukrainian scams.
Not necessarily. See Cormac Herley's (Microsoft research) paper "Why do Nigerian Scammers Say They are from Nigeria?" (PDF). The scammers intentionally drop hints (Nigerian origin, poor spelling, logical flaws) to filter out intelligent readers and catch the most gullible ones. That greatly improves their "yield".

Victoria
A good place to learn more about these scams and what some folks are doing about them is www.419eater.com
Attempted new signature...
Mill
Posts: 245
Joined: Tue Dec 22, 2009 7:04 pm
Location: Arkansas

Re: Received a suspicious e-mail? Here's what to do.

Post by Mill »

I get phish emails from someone impersonating a manager at FedEx regularly. Most companies with an online presence will have a fraud department that deals with unsolicitated phish emails, impersonators and the like. I advise anyone to report these emails to the appropriate company fraud team for investigation. (google search the company being impersonated, click contact, and the spam or fraud team info usually lists an email address to which you can report suspicious emails.)

There are way too many billions of dollars that get stolen from innocent people like this, and you can do your part to help fight it by just clicking the forward button.
kitteh
Posts: 194
Joined: Fri Mar 15, 2013 12:13 pm

Re: Received a suspicious e-mail? Here's what to do.

Post by kitteh »

Mill wrote:I get phish emails from someone impersonating a manager at FedEx regularly. Most companies with an online presence will have a fraud department that deals with unsolicitated phish emails, impersonators and the like. I advise anyone to report these emails to the appropriate company fraud team for investigation. ...

There are way too many billions of dollars that get stolen from innocent people like this, and you can do your part to help fight it by just clicking the forward button.
I don't know if this does any good. What's the company going to do?

I reported crooked telemarketing calls to the Do Not Call list until I was blue in the face with no result, so I eventually stopped doing it. I have my ISP's spam filtering turned off, so I see stuff come in marked spam that is perfectly legitimate email. I reported that to them for awhile, but it has not decreased the incidence of this. You'd think they'd at least have a white list.
User avatar
Phineas J. Whoopee
Posts: 9675
Joined: Sun Dec 18, 2011 5:18 pm

Re: Received a suspicious e-mail? Here's what to do.

Post by Phineas J. Whoopee »

My personal favorite, of the ones I've received and bothered to read, came about three years ago when they said my details had appeared on an online marketplace for stolen identities, and I just needed to confirm a few pieces of (very sensitive) information to them so they could remove it.

PJW
Mill
Posts: 245
Joined: Tue Dec 22, 2009 7:04 pm
Location: Arkansas

Re: Received a suspicious e-mail? Here's what to do.

Post by Mill »

kitteh wrote:
Mill wrote:I get phish emails from someone impersonating a manager at FedEx regularly. Most companies with an online presence will have a fraud department that deals with unsolicitated phish emails, impersonators and the like. I advise anyone to report these emails to the appropriate company fraud team for investigation. ...

There are way too many billions of dollars that get stolen from innocent people like this, and you can do your part to help fight it by just clicking the forward button.
I don't know if this does any good. What's the company going to do?

I reported crooked telemarketing calls to the Do Not Call list until I was blue in the face with no result, so I eventually stopped doing it. I have my ISP's spam filtering turned off, so I see stuff come in marked spam that is perfectly legitimate email. I reported that to them for awhile, but it has not decreased the incidence of this. You'd think they'd at least have a white list.
If nothing else, the more reports of fraud attempts that a legitimate company receives through emails from concerned customers, it might actually prompt them to take the imposters seriously. Fraud teams are skilled at killing faker websites, tracking the fraudsters, shutting down email addresses and increasing the legitamate companys all-around security.
likegarden
Posts: 3181
Joined: Mon Feb 26, 2007 4:33 pm

Re: Received a suspicious e-mail? Here's what to do.

Post by likegarden »

I simply do not answer to any of that stuff. Since I am retired I am also getting all kind of phone calls from people who try to sell something to older people which also is scam. So we do not pick up any of those calls. It also seems that those people who started 10 years ago to tell me via Email about having won a Hongkong lottery and that guy from Nigeria who had a business proposition have finally gotten the message and no longer send Emails. My advice is simply do not read bad Emails (delete them) and do not pick up bad phone calls, do not worry about it and do not respond.
Post Reply