Phishing - Don't be a Victim
How to Avoid Falling For an Email Scam
This page is based on an email sent to all Words in a Row clients.
The number of scam emails we've all been receiving has been increasing lately. Many of these emails state that they are from Google AdWords, and the email looks exactly like or is very similar to real email from Google AdWords, but these emails are not from Google at all.
These are called "PHISHING emails" (sounds like FISHING).
PHISHING basically means "information theft scam" - and they are a kind of email-based scam. They are an attempt to get you to give over your personal or sensitive information like login details or credit cards. Phishing emails can look exactly like the real thing - the things we take as trust factors in emails are really easy to fake.
You are the only person who can protect yourself from being scammed. You need to know what to look for.
What does a phishing email look like?
Phishing emails may surprise you as follows:
- They may have the exact accurate Google logo at the top of the email,
- They may appear to have the right links in them, at least visually, that look like they go to the real Google (but don't),
- They may even have accurate "return" email addresses that check out just fine, and are the same email address that are given in the non-fraud version of the email,
- They may appear to come from perfectly legitimate "from" email addresses that check out just fine (except if you follow up you find out that this was not who sent the email),
- They may look exactly like the real thing, and stand up perfectly in a side by side comparison when visually compared to an actual email from Google.
Ocassionally, the scam artist is imperfect in his set-up and you can spot a flaw in one of the above. But it's not as common to see a flawed email as it is to see a perfect fake. Sometimes I think they send out the flawed emails just to lure you into false security, make you think you know what they look like, to set you up to fall more easily for the perfect-looking ones.
Most email virus filters or SPAM filters will not find and remove a really well-made Phishing scam email. It's not good to depend too heavily on these programs to keep you safe anyway.
So, how can I tell it's a scam?
The ONLY difference that needs to be there for it to be a phishing email is that when you hover over the link, or click on the link, it does not actually go where it says it does. Instead, it takes you to some other website, set up to be a fake Google AdWords that LOOKS like Google in every way. That fake website has only one purpose, to steal your information. If you enter your login information, the criminals will hijack your Google campaign and use it to sell whatever they want. If you actually give them a credit card number, they will siphon as much money as they can out of that card, either all at once, or in small regular debits that don't alarm you.
It is highly probable that most phishing victims never even figure out there is a problem. I know of a few phishing victims that did not know they had been victimized until informed of it by me or other trained consultants.
What do I do with a phishing email?
There are places you can forward phishing emails to in order to get the perpetrators stopped.
firstname.lastname@example.org, email@example.com are all the email addresses to send them to at Google. If the perpetrator uses a Google.com fake email address, send it to firstname.lastname@example.org as well.
Also, there is an official agency to report these to:
Report them, then delete them.
A phishing website's going to look wrong, right?
No. They often look exactly right. If you follow such a link, the fake website may even be able to interact with you and appear legitimate on the surface, all the way up to the point where you'd normally be seeing sensitive data. They are sometimes put together very cleverly. They are designed to fool you into false security, and it is a nasty trap.
The ONLY way to avoid this kind of fraud is to NEVER click on an email link. Even if you're absolutely sure it's from the real deal. Instead, use your own saved browser bookmarks, or go there directly (AdWords.Google.com) by typing it into your browser by hand. Always look at what is in the address bar. And install whatever protections your browser has for keeping you from giving your money to a known phishing website.
Please note that there are phishing emails being sent out for every kind of data - Google AdWords accounts, obviously, plus bank accounts, advertising accounts, Amazon, eBay, PayPal, MySpace, FaceBook, email accounts, everywhere.
Do not follow any link sent by email of any kind and you should be safe. If you really HAVE to follow an email link, double-check the actual address you have been taken to in your browser before you EVER enter any information into a form.
It can be very difficult to fix this and require cancelling credit cards, closing accounts, and be a lot of hassle to correct a small slip up in regards email scams. Please be vigilant.
If you've already fallen victim to a phishing SCAM, you need to stop up the gaps to protect yourself from further damage. Consult a lawyer. I of course am not giving legal advice here - my advice stops as soon as you've got a crime on your hands. But if it were me, I'd close all affected accounts and then change that username / email address / password combo absolutely everywhere you may have used it, no matter how much of a pain it seems or how unlikely to cause damage the rest of the accounts may seem to you. Doing this should help contain any further damage.
Return to Top of Page.