E-MAIL FRAUD & FAKE WEBSITES
Several signs can help you determine if an e-mail is legitimate or a spoof. Spoof e-mails (also known as phishing or hoax e-mails) appear to be from well-known companies. To bait you, an e-mail may say there's an urgent situation concerning your account, then ask you to click a link back to a spoof website to provide personal information.
Even if you don't supply any information, just selecting the link may enable thieves to access your computer, record your keystrokes, and capture your password.
Also, beware of spoof web forms that ask you to provide confidential information that a legitimate company would not ask the customer to enter for a particular transaction.
E-mail use best practices
- Install anti-virus, anti-spyware and malware detection software. The best defense against computer attacks is preventative software. You will need to update the software regularly to guard against new risks, so download updates from your provider as soon as they're available. Or better yet, set the software to update automatically.
- Share your e-mail address with only trusted sources. Only your family, friends, and trusted business contacts should have your personal e-mail address. Do not post your e-mail address on websites, forums, or in chat rooms. If you post your e-mail address, you are vulnerable to receiving spam or having your e-mail passed on to others. If you would like to subscribe to a newsletter or website and receive a confirmation e-mail for online transactions, consider using a generic e-mail address that is not linked to any of your personal information. An example of a generic e-mail address is firstname.lastname@example.org.
- Be careful when opening attachments and downloading files from friends and family or accepting unknown e-mails. You can obtain a virus, worm, or Trojan simply by opening e-mail and attachments, and by accepting files from your friends, family, or others. If you choose to download files, make sure your security software is enabled and pay close attention to any warnings provided.
- Watch out for phishing scams. Phishing scams use fraudulent e-mails and fake websites, masquerading as legitimate businesses, to lure unsuspecting users into revealing private account or login information. To be safe, if you receive an e-mail from a business that includes a link to a website, make certain that the website you visit is legitimate. Instead of clicking through to the website from within the e-mail, open a separate Internet browser and visit the business' website directly to perform the necessary actions. You can also verify that an e-mail is in fact from a legitimate business by calling the business or agency directly.
- Use e-mail wisely. E-mail is a great way to keep in touch with friends and family, and as a tool to conduct business. Even if you have good security software on your PC, your friends and family might not have the same protection. Be careful about what information you submit via e-mail. Never send your credit card information, social security number, or other private information via e-mail.
- Do not reply to spam e-mail. If you don't recognize the sender, don't respond. Even replying to spam e-mail to unsubscribe could set you up for more spam.
- Create a complex e-mail address. A complex e-mail address makes it more difficult for hackers to auto-generate your e-mail address, send spam e-mail, or target your e-mail for other types of attacks. Make sure you come up with an e-mail address that you can easily remember. Try to use letters, numbers, and other characters in a unique combination. Substitute numbers for letters when you can. A sample complex e-mail address is: Tracy3Socc3r2@samplee-mail.com.
- Create smart and strong passwords. Make it difficult for hackers to crack your password. You can create a smart password by incorporating a combination of upper case letters, lower case letters, numbers, special characters and using more than six characters. An example of a strong password is: Go1dM!n3.
- Never enter your personal information into a pop-up screen. Sometimes a phisher will direct you to a real organization's website, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Install pop-up blocking software to help prevent this type of phishing attack.
What is a Spoof Website?
Web page spoofing is an activity that hackers use to direct website visitors to a website that looks like the one they believe they are visiting. The actual site, however, is hosted in a different location, usually for the purpose of gathering personal or confidential information that is used in identity theft.
Spoofed websites are often used in conjunction with spoofed e-mails or phishing e-mails. The messages contain a link to the site. When a visitor logs onto the site, they are prompted to provide account information, usernames and passwords, or a social security number or date of birth.
A spoofed website appears identical to the website that is being copied, although it may have a different URL. However, hackers can also disguise the URL, which makes it very hard to distinguish a spoofed site from the real one.
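For mail administrators, the disguised-URL problem described above can be checked mechanically. The following is an added example, not part of the original page: it scans an HTML e-mail body for links whose destination differs from what the reader is shown. The three checks, the function names and the sample message are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Link text that itself looks like a web address, e.g. "www.example.com/login"
DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$", re.I)

def _host(url):
    """Return the lowercase hostname of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (reason, visible_text, href) for links that hide their destination."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text, href, self._href = "".join(self._text).strip(), self._href, None
        target, shown = _host(href), DOMAIN_RE.match(text)
        if shown and _host("//" + shown.group(1)) != target:
            self.findings.append(("text-host-mismatch", text, href))
        if urlsplit(href).username is not None:  # "trusted.name@real-host" form
            self.findings.append(("userinfo-in-url", text, href))
        if any(p.startswith("xn--") for p in target.split(".")):  # review, not proof
            self.findings.append(("punycode-host", text, href))

def audit_links(html):  # returns the list of findings for one message body
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample message using reserved documentation domains and addresses.
SAMPLE_EMAIL = """
<a href="http://login.example.net/verify">www.example.com/verify</a>
<a href="https://www.example.com@203.0.113.7/login">Sign in</a>
<a href="https://xn--exmple-cua.test/">Account help</a>
<a href="https://www.example.com/help">example.com/help</a>
"""
```

Calling audit_links(SAMPLE_EMAIL) flags the first three links and passes the fourth, whose visible address and destination agree.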
How to Spot a Spoof?
- Sense of urgency - Messages claim your account will be closed or temporarily suspended and warn you'll be charged if you don't respond.
- Spelling errors - There may be obvious spelling errors, which help spoof e-mails avoid spam filters.