Some websites, especially those that contain pornography, attempt to lure you with access to “free” content. They then make you enter your credit card number in order to confirm that you are at least 18 years old. Consumers who have done so have seen money debited from their accounts without their permission.
Phishing
Phishing is another method scammers use to drain money from your account. Scammers are constantly finding new ways to steal personal data, usernames and passwords for important services you use online. Over the past year, the Norwegian Consumer Ombudsman has seen several examples of scammers pretending to be a bank or credit card company in order to trick consumers into handing over their information.
Fraudsters will send you an email that looks like it comes from your bank or another site where your payment information is stored. In the email they might write that they are having computer problems, before asking you to resubmit your account number, credit card number etc.
If scammers are successful in their pitch, they will use your information either to swindle you directly or to defraud others under your name. Therefore, always remember that no legitimate company with which you have a customer relationship ever send you an email requesting your username and password.
PayPal fraud
The Norwegian Consumer Ombudsman has seen examples of phishing that use the name and logo of the PayPal payment solution. The fraudsters will often send you an email where they tell you that someone has tried to log in to your PayPal account or tried to withdraw money from your credit card using PayPal. If you give them your username and password, the scammers will be able to make transactions with your credit card through your PayPal account.
Avoid being scammed
You should never provide credit card or bank account information to someone who asks for it in an email. Always check with the bank or company that claims to be the sender before doing anything else.
Give your credit card number only to companies that seem legitimate and that you trust. Monitor your bank statements closely. If you discover that money has been withdrawn from your account without your approval, you should contact your bank immediately.
Also, never give anyone access to the passwords and usernames you use for your email or other important services.
Pay attention to the warning signals of a phishing attempt, such as:
- The sender’s email address. Large companies do not use Hotmail, Yahoo, Gmail or other web-based email addresses. However, be aware that fraudsters can change their email addresses so that they appear to be sent from a company’s server, even if they are not. Therefore, you should never rely solely on an email that appears to come from a safe company.
- General greetings. Phishing emails are sent to many recipients, which requires general opening greetings, such as “Dear user”. A legitimate email from a company such as PayPal will always use your first and last name in the opening greeting. Other legitimate companies may use your username.
- Emails that require quick action from you. Phishing emails will often ask you to react quickly, claiming for instance that someone is trying to access your bank account. If a real company discovers that someone is trying to infiltrate your account, however, the account will be blocked until you open it again. In other words, there is no reason to make haste.
- False links. Phishing emails will often tell you to follow a link to log into your account. These links appear to send you to the company’s official website, but in reality, they route you to a fraudulent website. One easy way to reveal this is to hover the mouse cursor over the link before clicking on it. In the bottom left bar of your browser, you should see where the link will take you. If this address does not match the one in your email, you should be suspicious.
- A phishing email will often ask you to open a file that is attached to it. The attachment may contain spyware or viruses. Therefore, never open attachments from senders you do not trust.
- Requests for personal information. Legitimate companies will never ask you to provide credit card numbers, pin numbers, bank account information, usernames or passwords in an email.