One of the biggest scams on the Internet these days involves phishing (pronounced fishing), or tricking the victim into giving away important accounts and passwords. Almost every business is a potential target, and if a victim gives away the wrong information, they can lose a lot of money.

As an example, here's a friendly warning I received from PayPal:

PayPal Account® Posible Fraud - Notification Security check!

You have received this email because your account has been used from different locations by you or someone else. For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details. To help speed up this process, please access the following link so we cancomplete the verification of your PayPal Account:

Alert code: 1366968850 (goes to:

Please Note: If we do no receive the appropriate account verification within 48 hours, then we will assume this PayPal Bank account is fraudulent and will be suspended. The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community.

We appreciate your support and understanding and thank you for your prompt attention to this matter.


PayPal - Paypal Account® Security Department

© 2007 PayPal Account Co.

Please do not reply to this email as this is only a notification. Mail sent to this address cannot be answered.

PayPal Account® Banking Departament

Note that they warn me that if I don't log in, my account (and any funds therein) will be placed on hold. PayPal is notorious for seizing accounts for almost fictitious reasons, and the users have to go through hell getting their funds returned. Go to Google and search for "Paypal sucks stolen" for many horror stories. If this were a legitimate email, I would certainly want to keep my account from dropping into the dark pit of phone hell.

There are a few indicators that catch my attention. First off, PayPal is not a bank, and they go to great pains to say they're not a banking institution because of lawsuits and the repressive federal requirements for managing a bank. The bottom of the email says "PayPal Account® Banking Departament" (with a misspelled 'department'). It's doubtful an organization like PayPal would send out poorly worded emails with obvious errors.

Note the link, which I left intact, except to add the word 'fraud' a few times. It appears to go to the PayPal website, but if you were to look at the web page source code, or just hover your mouse pointer over the link (without clicking), you'd see the link actually goes to, a German website that has a perfect copy of PayPal's login page.

When the unsuspecting victim visits the forged page, they enter their account name and password. The forged website generates an error, usually a "you must have mis-typed your password" page. Then it sends the victim off to the real PayPal website to log in, which works like it's supposed to. The victim cannot find the link that says their account needed to be verified, so they assume all is well.

The scammers will log on with the stolen account and password, then clean out any attached bank accounts and credit cards. By the time the victim realizes they've been robbed, the crooks are long gone. Note that debit cards rarely have the protections of true credit cards.

Almost every bank has a few dozen phishing attacks daily. From personal experience, I've found about 80% of mine come from South Korea or China.

You should never click on any link in an email if it has any ties to your money. Banks will never ask you to click on links, or to verify your account due to possible fraud. Almost every bank suggests you type in the bank's website address manually, and make sure the web page is secure. In Microsoft's Internet Explorer, look for a little lock symbol on the bottom bar of the browser.

Be safe, and be paranoid when it comes to your money.