Charity or Chicanery? This has been a year filled with natural disasters – tornadoes, earthquakes, droughts, wildfires, and floods. The devastation to lives and property has been overwhelming and makes us want to help the victims, frequently through donations of money. But be careful: the Federal Internet Crime Complaint Center (IC3) has issued an alert warning you that bad times frequently bring out bad people. When you make a donation to a charity, be sure to protect yourself by following these straightforward guidelines: • Never respond to unsolicited email. Delete it. • Be skeptical of people representing themselves as officials using email to solicit for donations. • Never click on a link in an unsolicited email. • Be cautious of email claiming to contain pictures in attachments. The attachments might contain viruses. • Donate directly to known charities. If you are not familiar with a particular charity, the Internet can provide a wealth of information. By using this easy strategy, you can ensure that your hard-earned dollars are going exactly where you want them to go. Fall 2008 When U.S. legislators ratified the Anti-Spam Act of 2003, there was a notable exclusion – political candidates are still allowed to solicit contributions via email. This is a mixed blessing. It allows political candidates to quickly reach millions of potential contributors, but it also provides a golden opportunity for phishers. During the 2000 presidential election, phishing was still in its infancy and its impact was minimal. Then in 2004, phishers targeted the Kerry-Edwards campaign because they were actively using the Internet to communicate. One of the known attacks was an email directing people to a phony website soliciting donations. Many people willingly provided credit card and other personal information thinking that they were supporting their chosen candidate. In another scam, an email requested that the recipient call a specific 900 number to discuss the issues. Those who called the number were billed at $1.99 per minute. Neither perpetrator was caught. Now phishing attacks have gained momentum and the 2008 presidential campaign is a well-stocked phishing pond! Here are some common sense suggestions to make sure your money goes where you want it to. 1. If you receive an email soliciting a donation, do a little research before responding. Both candidates and phishers are counting on your impulsiveness. 2. Do not click on any link in the email or view any attachments. The safest action is to contact local campaign headquarters by telephone or in person. They can give you the official campaign website address. 3. Be aware that there are “sounds like” web URLs that can be used for phishing expeditions, so make sure you repeat the website address back to verify it. 4. Keep in mind that you should contact them. Do not respond to an unsolicited telephone request for a campaign contribution. Unsolicited calls can be vishing attacks! The election promises to be an exciting one and we encourage your participation – just do it in a way that protects your personal finances and information! Phishing on the Campaign Trail Protecting yourself against phishing attacks is really quite simple. 1. Make a call to verify information. Make sure you use the phone number in your rolodex, not one provided in a suspicious email. 2. Type it yourself. Don’t just click on a link or cut and paste it onto your browser. Type your trusted URL yourself and you’ll get to the real destination. 3. Beef up your security. There’s no good reason not to have anti-virus, anti-spam, and spyware detection on your computer. There are inexpensive software bundles available and even free programs you can download from the Internet. 4. Read your bank and credit card statements. Take a quick scan of your statements as soon as they arrive. If you see something suspicious, it’s much better to check it out sooner rather than later. 5. Recognize the Sharks. Visit the Maine Anti-Phishing Coalition website at www.noPhishing.org for the latest information on phishing attacks and links to helpful resources. Five Easy Pieces (of advice) The Official Newsletter of noPhishing.org