One thing I am asked weekly is, “I just received an email alert telling me my mailbox exceeded the storage limit, why is that?”.
Wellllllll, first of all, these messages, though they come in email and look all official, signed by “System Administrator” or something similar, are likely phishing attempts.
If you hover over the URL listed to “re-validate” your mailbox, or to “increase your storage limit”, you will see that the link has nothing to do with your email host.
People who fall for this and follow the link through are presented with a form which asks for personal information to authenticate your account. That information is destined for parts unknown and could be used for anything from creating new accounts for you, to obtaining personal information about your finances, medical records, or who knows what. In most circumstances, it is going to be for monetary gain.
One I checked out for a client a few minutes ago prompted me to write this blog post… It was a very authentic looking email that appeared to come from Google’s GMail service. Even the link looked right upon first glance even to me, and understandably to the person who received it. The web interface was in the style of Google’s and other than the VERY in-depth questions, would have passed for a Google page. It was the supposed “Personal Profile Page”.
We’re talking about asking a person to input their first, last and middle name, street address, phone number, cell phone number, age, sex, birthdate, email address, which is fairly normal, but upon entering bogus information, it took me to a second page. That one was for “Personal Identity Verification” purposes, “for your safety”. Heh…. It asked you to input security questions for help in identifying you in the future. Mother’s maiden name, street you grew up on, enter a pin number, old Google password and a new one to change to for security purposes and something you should never be asked for, Drivers License number and expiration, SOCIAL SECURITY NUMBER and a CREDIT CARD number with expiration date “For account verification purposes only, no charge will appear”.
They had gone to the trouble of putting up a FAQ that was functional, and even a “Contact Us” link that gave you a webform to fill out with your information.
Bottom line here is – don’t believe everything you read, and certainly, don’t just enter your private information into sites just because it LOOK official……
If you have done this recently, you should contact your financial institutions immediately. Watch those credit card bills closely!