Some staff at the Alumnae Association received the following email supposedly from PayPal even though they do not have a PayPal account:

Dear PayPal customer,

We recently reviewed your account, and we suspect an unauthorized use
of your account. Therefore as a preventive measure we have temporary
limited your access to sensitive PayPal features. To ensure that your account is not compromised please log on to your PayPal Online Account, verify your account information and your online account will be reactived by our
system.

What you need to do:
Log On to your Online Account

Enter your Account Information

**************************************
IMPORTANT CUSTOMER SUPPORT INFORMATION
**************************************

We are committed to delivering your quality service that is reliable and highly secure. This email is one of many components designed to ensure your information is safeguarded at all times.


Please do not reply to this message. For any inquiries, contact Customer Service.

Document Reference: (92051208).

The links in the email take you to the following address:

http://mstudio2.aknet.it/.../.www.paypal.com/cmd=_login-run.html

This page is located on a web site for a furniture store company in Italy which is probably unaware that their server has been hacked and is being used this way. If you have the latest version of Firefox, you should get a warning if you try to visit the page that it is a fruadlent site.

The email message is very typical and unfortunately all too common. 

Here are some tips to help protect yourself:

Protect your computer’s security

  • Keep your computer and browser software current with security updates;
  • Install and update anti-virus and anti-spyware software and use personal firewalls to protect your computer;
  • Be alert to the threats posed by malware--(malicious software) which can damage or disrupt your system, or secretly record information such as keystrokes;
  • Do not enable automatic log you in to your bank or credit card web accounts or pre-fill the Login ID or password fields;
  • Change your password periodically and avoid using passwords for your financial web site accounts that you commonly use for other purposes; and
  • For more information on how to protect your personal computer, including links to vendors providing anti-virus and anti-spyware software, you can visit the Federal Trade Commission’s computer security site at http://onguardonline.gov. Microsoft Corporation provides additional information specific to the Windows operating system at http://www.microsoft.com/security. Users of Apple computers can find security information at http://www.apple.com/support/security.

Using your computer in a safe manner

  • Do not share your Login ID and password with anyone;
  • Check to make sure you are interacting with a secure Web site, as above;
  • Always log off after completing your activities on secure web sites, especially banks and credit card sites.
  • Be careful about using third-party computers or computers that you are not familiar with such as those in Internet cafés and be careful to ensure you have fully logged out.

Preventing fraud

  • Do not provide personal or financial information in response to an email request or by clicking on a link, unless you are able to verify the authenticity of the site to which you are taken through the SSL padlock or other means;
  • Do not enter personal information into a form within an email message or a pop-up;
  • Do not open an email if you do not recognize the sender and be particularly cautious of any attachments to emails from unrecognized sources.

Identity Theft

Take steps to safeguard your information to help protect yourself from identity theft.

  • Financial companies should never request your Login ID or password, or any other information in either a non-secure or unsolicited email communication;
  • check your credit report regularly for unauthorized activity and protect your personal identification numbers (PINs) or personal data.

You can protect yourself against Phishing

Phishing is the illegal attempt to mislead consumers into providing personal or financial information, including account numbers, passwords and Social Security numbers, via email or through fraudulent Web sites.

The most frequent phishing attacks occur through email disguised to appear as though it came from a reputable financial institution or company.

Most phishing attempts urge you to update or validate your account information, typically through a link in an email directing you to a fake Web site that appears to be legitimate.

 

A Phishing attack can be detected

While there are many phishing attacks active on the Internet, there are some typical characteristics:

  • An email contains an “urgent” tone requesting your immediate action on an account-related matter.
  • An email is sent from a user falsely claiming to be a legitimate company with an attachment. An unsolicited email attachment more than likely contains a virus. Do not open it.
  • A pop-up window appears from a user falsely claiming to be a legitimate company’s Web site asking for personal information.

Learn more about Phishing scams or Identity Theft

Additional information can be found at www.antiphishing.org or www.consumer.gov/idtheft/

 

What To Do If You Are A Victim of Identity Theft

If you are a victim of identity theft, here are some recommended steps:

  • Contact the fraud departments of each of the 3 major credit bureaus:
      Equifax Experian Trans Union
    Report Fraud 800-525-6285 888-397-3742 800-680-7289
    Order Credit Report 800-525-6285 888-397-3742 800-916-8800
    Web Address equifax.com experian.com transunion.com
    Address PO Box 740241
    Atlanta, GA 30374-0241    		 PO Box 9530
    Allen, TX 75013    		 PO Box 6790
    Fullerton, CA 92634-6790

  • Request copies of credit reports. Review the reports carefully and identify any new accounts that may have been opened. Pay particular attention to the section of the report that lists "inquiries" from new companies. Contact these companies immediately and have them remove any pending or new accounts from their system. Note: Credit bureaus must provide free copies of credit reports to victims of identity theft. Contact the fraud departments of creditors to dispute unauthorized charges (e.g., credit card issuer, phone companies, utilities, banks, other lenders.) Describe your identity theft problem and follow up with a letter.
  • Contact the fraud departments of creditors to dispute unauthorized charges (e.g., credit card issuer, phone companies, utilities, banks, other lenders.) Describe your identity theft problem and follow up with a letter.
  • File a report with your local police department and ask to file a report. This may help when clearing your credit.
  • File a complaint with the Federal Trade Commission (FTC). The FTC handles complaints from victims of identity theft, provides information to those victims, and refers complaints to appropriate entities, including the major credit-reporting agencies and law enforcement agencies.
  • By Phone: 877-ID THEFT
  • Online Complaint Form: www.consumer.govidtheft

Other Resources to Learn More about Identity Theft: