Thursday, November 19, 2009

Fool Me Twice

Fool me once, shame on you -- fool me twice, shame on me.

Several years ago, I got caught. I received an email warning of a dire threat to my bank account. The message looked legitimate, down to appropriate logos and language. All I had to do was click on a link, which I did. Bad move -- I had been fooled once.

Baiting the Hook

Email scams rely on fear and greed. They suggest something too good to be true or too horrible to contemplate. Well-crafted scams stop just short of this. They want to offer something good enough that it might be possible or just dangerous enough to raise concern without raising panic.

The one I fell for was nearly perfect. Happily, the villain did a better job on the bait than the trap. He got my email address but none of the other information he was after because his trap fell apart spectacularly. The email I got the next day apologizing for the problem was neither well done nor convincing.

An Ounce of Prevention

I had been fooled because the message came to my email address and appeared to come from my bank. Scam artists can easily make a counterfeit email look real. There's nothing to be done about that, but I realized that I have control over my email address.

I created a custom email address for each bank or business I deal with and gave that email to the other party and nobody else. I did this with Yahoo's Address Guard service, but any email address used for only one purpose will do. Because the address is rarely used, the chance of it being on a scam list is remote. The bank has only that email address, so an email which appears to come from them to my public email is an obvious fraud.

This plan is not foolproof. It is still possible that a scam email gets sent to your hidden email account, so you still need to be cautious. Create a distinct account for each bank, for PayPal, eBay, and any other vendor you do business with. If you have any clue that the address has been compromised, change it at once. If a problem looks real, find a way to reach the other party without using the email.
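The check described above can be automated as a mail filter. This is an added example, not part of the original post; the alias addresses, vendor domains and sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed values: one alias per vendor, mapped to the domain that vendor mails from.
ALIASES = {
    "bank-7f3k@example.net": "examplebank.test",
    "shop-q9x2@example.net": "exampleshop.test",
}

def classify(raw):
    """Compare who a message claims to be from with the address it was sent to."""
    msg = message_from_string(raw)
    # The From header is easily forged; it is used here only as the sender's claim.
    dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    rcpts = {addr.lower() for _, addr in getaddresses(hdrs) if addr}
    # Aliases that the claimed sender was actually given.
    expected = {a for a, d in ALIASES.items() if dom == d or dom.endswith("." + d)}
    if expected and not (rcpts & expected):
        return "fraud"         # claims to be a vendor, arrived at an address it never had
    if (rcpts & set(ALIASES)) - expected:
        return "alias-leaked"  # a dedicated alias got mail from someone else: replace it
    if expected:
        return "expected"      # right sender, right alias: plausible, still not proof
    return "unrelated"

def make(frm, to):
    """Build a minimal constructed message with the given From and To headers."""
    return f"From: {frm}\nTo: {to}\nSubject: Account notice\n\nPlease review.\n"

# Constructed sample messages covering each outcome.
SAMPLES = {
    "bank_to_public": make("Example Bank <alerts@examplebank.test>", "me@example.net"),
    "bank_to_alias": make("Example Bank <alerts@mail.examplebank.test>", "bank-7f3k@example.net"),
    "stranger_to_alias": make("Prize Desk <win@lottery.test>", "bank-7f3k@example.net"),
    "bank_to_shop_alias": make("alerts@examplebank.test", "shop-q9x2@example.net"),
    "friend_to_public": make("friend@example.org", "me@example.net"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify(raw)}")
```

The filter only matches the exact vendor domains in the table, so a message from a lookalike domain is reported as unrelated rather than as fraud.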

The Bottom Line

A public email address is no place to do private business. If you create custom email addresses and guard them the way you do credit cards, the few scams that reach you will be easier to spot and deal with. Don't be fooled even once if you can avoid it.
