Internet con artists are clever. Even smart people can be duped sometimes. Even those who keep active watch against scams and schemes can make mistakes.

As I checked e-mail this morning, I was baffled by a notice from Paypal. “Your eCheck payment of $29.90 USD to jdroth@xxxx.com has been deposited into your recipient’s account,” the message read. But why would I be paying myself? “Do you know what this is?” I asked Kris. “Why are we sending money to ourselves?”

“Isn’t that spam?” she asked.

Oh. Of course. Normally, that would have been my first instinct, too, but for a few minutes there, I had relaxed my guard, had opened myself up to be a victim of “phishing”.

Phishing scams in plain English
What is phishing? As penance for nearly committing an internet sin, I made myself re-watch Common Craft’s Phishing Scams in Plain English, which explains how these scams operate, and how best to protect yourself:

You’ve probably seen it. You receive an e-mail from your bank or trusted company, and it’s asking you for information. It looks real, but it’s designed to fool you into handing over important information. This is a scam called phishing, and you need to avoid it. This is Phishing Scams in Plain English.

This video suggests several ways to minimize the risk of being scammed:

  • Deal directly with organizations you trust.
  • “Always be suspicious of an e-mail that asks for your information. No exceptions!”
  • Don’t panic if you receive a suspicious e-mail. There’s no risk to just getting the mail; problems only occur when you respond to phishing attempts.
  • Never click a link or fill out a form in an e-mail from your bank, etc. Always navigate directly to the site.
  • Forward the suspicious e-mail to reportfishing@antiphishing.gov or spam@uce.gov. (Update: Carrie writes to say that this is the correct e-mail for reporting phishing attempts: phishing-report@us-cert.gov.)

On a related note, my mother sometimes has trouble differentiating hoax warnings from the real thing. Fortunately, she’s learned to use and trust Snopes.com, the urban legends reference site. The Snopes fraud and scams section is a useful resource.

I also think it’s important to periodically review the basics of how to prevent identity theft.

Safe and sound
My story has a mundane ending. The message I received from Paypal wasn’t spam, and it wasn’t phishing — it was a real message, but poorly worded. The $29.90 wasn’t paid to me, but from me to another company.

This could just as easily have been a phishing attempt, however, and I had let my guard down. Despite my constant vigilance, and my frequent warnings to others, I’d suffered a momentary lapse, and that’s all it takes to become a victim.

More about Common Craft
At Common Craft, Lee and Sachi LeFever create short and simple videos to explain complex ideas. You may have seen their work in the past:

As their videos have become more successful, the LeFevers have not only been able to make producing them a full-time job, but they’ve also expanded the subjects they cover. They’ve even begun to feature topics related to personal finance, such as compact fluorescent light bulbs. I shared Phishing Scams in Plain English with their permission.

This article is about Odds and Ends