Elliott Greenblott | Fraud Watch: How to detect impersonation and phishing scams


The IRS sent me an email asking me to verify my identity and data! Oh, no! Somebody's trying to access my American Express account from an unknown computer and the company wants me to verify my information by completing the online form.

Either of these sound familiar? As different as they may seem, actually both are the same: They are criminal attempts to steal money using a computer. Online con-artist approaches range from the promise of wealth and opportunity to threat and intimidation.

In this first of a two-part series, we'll examine impersonation and phishing. Part two will address tech support, lottery, job offer, sweetheart, and travel offer fraud. While the common thread is online fraud, most of these scams can be attempted by phone, in the mail, or even face-to-face.

Impersonations and phishing expeditions accounted for nearly two-thirds of fraud reported to the Vermont Attorney General in 2015. Impersonations take many forms but most frequently appear as messages from financial institutions or the Internal Revenue Service.

Growing in sophistication, these "phishing expeditions" often use visual deception to extract personal data used to commit financial and identity theft. The intended victim receives an email containing an alert, a request for verification, or even a threat of legal action.

The email displays government or corporate logos and insignias conveying a sense of legitimacy or authority and directs the recipient to "click" on a link to a website. The fraudulent website is often a copy of the institution's legitimate website but it links to the criminal's computer. The fraudulent website requests information like name, address, birth date, place of birth, account numbers, passwords, Social Security numbers, mother's maiden name, mother's birthplace, and more. In other words, it's information establishing and confirming the intended victim's identity.

In most situations, government and financial institutions do not communicate via email.

Nonetheless, confirming the source is possible. So, what should you do? First, confirm the origin of the email. Many email programs allow for pre-screening, or viewing an email without opening it. Look at the sender's address to see if it is actually sent by the organization. If it comes from a government agency, the address would have the ".gov" designation such as notice@irs.gov.

The U.S. Government, American Express, Apple and Microsoft do not use Hotmail, Yahoo, or Gmail accounts to communicate.

Contact the organization that allegedly sent the email to inquire about any issue or problem, but do not use a phone number or email address included in the message. Use an email address or phone number you can verify as authentic, such as the one on the back of a credit card or printed on legitimate mail you have received in the past, to verify theirs.

Do not open any attachments or activate any links. Opening an attachment or a link can allow for a "Trojan Horse" virus to be installed on your computer which may carry a virus or extract information.

If curiosity or foolhardiness compels you to proceed, examine the URL in the address line of the browser window. It should display the letters "HTTPS" and the official site location as mentioned concerning the email address. Even so, verify the communication by making verifiable contact with the supposed source.

Individual scam attempts frequently have very short lives. Con artists use specific web addresses for a particular scam and close the address within a day in order to hinder detection. Also, legitimate businesses and web server managers work to disable fraudulent sites as quickly as they can.

Still, it is important to report attempts. Contact the Federal Trade Commission at https://www.ftc.gov to report cyber crime or the Vermont Attorney General's Consumer Assistance Program, consumer@uvm.edu or call 800-649-2424. For personal information and assistance, call the AARP Fraud Watch Network at 877-908-3360.

Elliott Greenblott is the Vermont coordinator of the AARP Fraud Watch Network. The AARP is seeking fraud fighters. Join the AARP Fraud Watch Network and receive watchdog alerts and tips. It's free. Go to aarp.org/fraudwatchnetwork or volunteer by emailing vt@aarp.org, calling 877-434-7598, or by emailing Greenblott at egreenblott@aarp.org.


If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.

Powered by Creative Circle Media Solutions