Thursday 22 September 2011

The Voice - Consumer's Voice

Dear Consumer’s Voice

I received an email from Sony Ericsson telling me that they were giving away free laptop computers. Is this true?

It most certainly is NOT. The email shows a picture of a very sexy Sony Ericsson laptop and says:

“Ericsson is distributing free laptops for their brand promotion. They hope to increase their popularity and sale by this campaign. All you need to do is send an email about this promotion to 8 people and you will receive an Ericsson T18 laptop.”

This is nonsense. Companies like Sony Ericsson don’t give away free laptops. Not ever. This is a hoax, one that has been circulating, according to Sony Ericsson themselves, for over 11 years. It’s not true and please don’t waste your time, other people’s time and your internet bandwidth by circulating it any further.

Paypal warning

PayPal is a very useful way of paying for purchases online. I’ve used it on a few occasions and I’ve found it to be safe, secure and reliable. However, consumers need to be very cautious not about PayPal itself, but when PayPal is used as a cover story for “phishing” attacks. Phishing is a common way of obtaining personal, confidential and secret information like your ATM PIN, your internet banking user ID and password and even other details like your passport number. How, you might wonder, do they get these secret bits of information from you? It’s simple. You just hand them over when they ask for them, it’s as simple as that.

Phishers do this by linking you to a web site that is a very good copy of the normal web site for your bank, or as in this case, the PayPal web site. Trust me, the web sites they construct are very convincing. In fact they’re often stolen copies of the genuine site with only one key difference. When you press the Submit or Send button, instead of your information going to the genuine web site it goes somewhere else, a web site that stores all the personal data you’ve entered.

We were shown an email last week that said:
“We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited your online account access in order to protect against future unauthorized transactions. Please download the form attached to this email and open it in a web browser.”
When you open the link it presents a very convincing fake web page that asks for the usual things like your name, address and phone number but also your “Social Security” number, drivers licence number and bank account number. It also asked for your PayPal account number and, more importantly, your PayPal password. This is what they wanted next:


I did a little digging and discovered, once you looked closely at this downloaded web page, that almost all of it was made of elements from the genuine PayPal web page. Except one. When you hit the Submit button all the data is sent to a site hosted in Italy. Of course it’s not the fault of the Italian web site owners, their web site has itself been hijacked and is being used to send the data on to somewhere else. The moment your information reaches this next location you can rest assured they’ll be spending your money. And it was YOU that gave them the details they needed.

I hope that by now people know never to open links from emails that appear to be from their bank or from companies like PayPal. I hope you realize that no legitimate company will ever do this. I hope that internet users by now know always to be extremely careful when they enter personal details like their banking passwords and PIN number? The rule is simple. If you have the slightest doubt, contact your bank the old-fashioned way and get them to confirm that what you’ve been asked to do is genuine.

No comments: