1. What is Spoof Email?

Spoof emails can be a major problem for unsuspecting Internet users. Claiming to be sent by well-known companies, these emails ask consumers to reply with personal information, such as their credit card number, social security number or account password.

These deceptive emails are called "Spoof Emails" because they fake the appearance of a popular Web site or company in an attempt to commit identity theft. Also known as "hoax" or "phishing" emails, this practice is occurring more and more frequently throughout the online world.

Example Email Spoof Form
Common Deceptive Tactics of a Spoof Email
The following will help you prevent falling for a Spoof email and protect your account. The lessons learned here can be applied not only on Welistyou, but wherever you do business online.

One common example of a Spoof Email can be seen on the right -- forms requesting personal information within the email are a clear indication of Spoof. Do not respond to these.

My Messages is the definitive, legitimate source for any email from Welistyou that affects your account. The bottom line - if an email affects your Welistyou account, it's in My Messages. If you get an email that looks like it's from Welistyou about a problem with your account or requests personal information and it's not in My Messages, it's a fake email. Visit My Messages to verify your Welistyou emails today!

Warning Signs of a Spoof Email: http://www.welistyou.com/spoof.php

Spoof email may include a forged email address in the "From" line - Some may actually be real email addresses that have been forged. (From: billing@Welistyou.com; From: WelistyouAcctMaintenance@Welistyou.com; From: support@Welistyou.com).

HOW TO SPOT A FAKE WEBSITE:
VERIFYING A WELISTYOU SPOOF JUST GOT EASIER:

My Summary Box is the definitive, legitimate source for any email from Welistyou that affects your account. The bottom line - if an email affects your Welistyou account, it's in “My Summary Box” under “My Email”. If you get an email that looks like it's from Welistyou about a problem with your account or requests personal information and it's not in My Summary, then it's a fake email. Visit My Summary in My Email to verify your Welistyou emails.

Example Spoof Email [web page]
 
Example Spoof Form [web form]

HOW DO I REPORT SPOOF EMAIL?

Spoof emails are deceptive emails claiming to be sent by well-known companies in an attempt to commit identity theft. If you have any doubt whether an email is really from Welistyou:

Forward the message to spoof@Welistyou.com. 
Do not alter the subject line or forward the message as an attachment. If you do this, it prevents Welistyou from investigating it further. Welistyou investigates every spoof reported. Please note that the automatic response you get from Welistyou may not address you by name.
Once you have forwarded the email, you can then delete it from your email account.

HOW DO I RECOGNIZE SPOOF (FAKE) WELISTYOU WEBSITES?

One of the biggest threats to the security of your Welistyou account and your identity is fraudulent email and websites, called spoof email and spoof websites. Both are used to obtain personal and account information. To help protect its members against these threats, Welistyou has adopted a comprehensive strategy. These efforts include the development technology solutions such as Account Guard and Community vigilance about spoof email and spoof websites. It is important to learn to recognize both.

Important:
Become part of the vigilant Welistyou Community by forwarding suspicious email to spoof@Welistyou.com. For more information, see Reporting Spoof (Fake) Email.

If you suspect that your Welistyou account may have been tampered with, follow the instructions on the Securing Your Welistyou Account and Protecting Your Identity pages.

If you receive email that includes links and requests sensitive information be cautious.

A spoof email pretending to be from Welistyou typically contains a link that takes you to a fake website that requests that you sign in and submit personal and account information.
Welistyou does not require you to enter information on a page that cannot be accessed from the Welistyou “My Summary” box or site. When possible, you should avoid clicking links. Instead of clicking the link, you should copy the address and paste it into the address bar area of your web browser. While Welistyou may send email that contains links, the links are provided for convenience only. You will not be required to submit sensitive information if a direct link is provided to Welistyou page.
If Welistyou requests information from you, a copy of that email will be in the “My Summary” Box in My Welistyou Account. You can submit the requested information using My Welistyou Account.
Welistyou does not send you email that includes attachments, or ask you for your password or other sensitive information through email. For more information, see Reporting Spoof (Fake) Email.

Beware of fake Websites pretending to be Welistyou.

If you clicked a link in an email, verify that the Web address in your browser is the same as the address shown in the email.
Never enter your Welistyou User ID and password on a page that doesn't have "Welistyou.com" immediately before the first forward slash (/). If the address includes additional characters prior to the forward slash such as "@," dashes, etc., it is not a Welistyou page. Even if the Web address contains the word "Welistyou", it may not be a Welistyou website.

Examples of fake Welistyou addresses: http://signin.Welistyou.com@10.19.32.4/ or http://signin-Welistyou.com/

      Real Welistyou address: https://signin.Welistyou.com/

Before signing in, check the Web address in your browser. To be sure that you are signing into a genuine Welistyou website, look at the address bar area of your browser. At a Welistyou sign-in page, the Web address (URL) that appears in the Address/Location field of your browser should begin with https://signin.Welistyou.com/ as shown in the following illustration.

The example above applies to the Welistyou.com website. A more complete set of web addresses is listed below:

United States Sites
Site                               Sign-in Web address
Welistyou.com              https://signin.welistyou.com/...
Discussion Boards         https://signin.welistyou.com/...

SENDING HEADERS:

When reporting email you have received from other Welistyou users, it is important that you include the complete email message header. In order to investigate your report, Welistyou must have a complete copy of the email you received with the full header included. Using this information, Welistyou can trace the pathway of the email you received back to the sender.

SECURING YOUR ACCOUNT AND REPORTING ACCOUNT THEFT:

Welistyou works hard to ensure that your account information remains safe, including working with you to protect your account from unauthorized use. If you provided confidential information through a spoof (fake) website, or suspect that an unauthorized party has accessed or has attempted to access your Welistyou account, take the following actions.

First, check with family members and others who may use your account to verify that they did not make any changes. After you have done so, attempt to sign in to your account.

If you are not able to sign in, contact Welistyou for additional assistance. If your account has been compromised, Welistyou will work with you to secure your account. Welistyou will send you a request that you change your password (not provide your password) and may place a temporary hold on your account.
If you are able to sign in, take the steps outlined below to secure your account.

Change the password on your personal email account. If a third party has access to your email account, they may be able to gain access to your Welistyou account. Therefore, it is important to ensure that your email account is secure. *Make sure your email account password is different from your Welistyou password. Learn about creating a secure password to help prevent any unauthorized account changes in the future.
*Request a new Welistyou password. After you enter your User ID on this page, you are prompted to answer at least one of a number of questions related to your account. Once you have answered at least one of the questions provided, an email is sent to you with instructions that allow you to complete your password change.

If you are still unable to change your password, review your contact information be sure that the email address on your account is correct, and check the spam filtering settings on your email account to see if the filter is preventing receipt of email from Welistyou.

• Change the Secret Question and Answer on your Welistyou account. If you don't have a secret question, you can create one now. Read tips on choosing an effective secret question.
• Verify your personal contact information registered on your Welistyou account and change anything that isn't correct. If your account was compromised, the contact information on your account may have been changed without your permission. In addition, if the contact information on your account has not been updated recently, you may need to update the information on your account.
• Search for any active listings or listings that may be unauthorized. You can review active listings and listings from your My Welistyou Account page. If you find any active listings or listings that are unauthorized, you may be able to retract the listing and end the listings. If you see unauthorized fees when *you review your listing account, please contact Welistyou to request a credit.
• Take steps to protect your identity. Sensitive information submitted to Welistyou, including credit card and bank account information, is stored on a secured server and cannot be accessed through your Welistyou account. Although this information cannot be obtained through Welistyou, you should take steps to protect your identity if you provided information to a spoof Website or replied to a spoofed email.
• Educate yourself on how to recognize and report spoof email and Websites impersonating Welistyou. The most common way for a Welistyou account to be compromised is through spoof emails designed to access members' passwords and other sensitive information. Please forward any suspicious or unexpected emails claiming to be from Welistyou to us at the email address spoof@Welistyou.com. It's also a good idea to review the Spoof Tutorial and other online security information available from the Welistyou Support Center.

Contacting Welistyou:
If you are unable to sign in to your Welistyou account, or if you require additional assistance, contact us immediately through Live Help.

Protecting Yourself from Identity Theft:
If there has been reports of people attempting to obtain Welistyou member’s private information by sending emails that impersonate Welistyou. These emails, called spoof or phishing emails, request members to send account and personal information in a reply email or enter this information through a spoof or phishing website.

If you provide confidential information through a fake website, you should take measures to both secure your Welistyou account and your identity.

Change your Welistyou password immediately and create a secure password. If the password on your email account is the same as your Welistyou account, you must also change your email password. Do not use the same password for both your Welistyou account and your email account. 
Upgrade your browser. Browsers with the latest anti-phishing capabilities make recognizing spoof (fake) websites easier.
Go to Securing Your Welistyou Account and Reporting Account Theft to learn more about what you can do if you suspect that an unauthorized party has accessed or has attempted to access your Welistyou account.

PROTECT YOUR IDENTITY:

1. Place a fraud alert on your credit reports, and then review them. Fraud alerts can help prevent an identity thief from opening any more credit in your name. You only need to contact one credit bureau, because federal law requires that the one you contact must also alert the other credit bureaus.
2. Contact your credit card company. If you entered a credit card number, you should contact your credit card company to cancel your account and alert them to the situation. Follow your credit card issuer's instructions for formally documenting the problem. 
3. Contact your bank. If you provided bank account information, you should contact your bank and ask for instructions about protecting your account.
4. File a Police Report. File a report with your local police or the police in the community where the identity theft took place. Make a copy of the report and note the date it was filed in case your credit card company or bank needs proof of the crime.
5. File an identity theft complaint with the Federal Trade Commission. The Federal Trade Commission (FTC) maintains a database of identity theft cases. Information submitted to the FTC is used by law enforcement agencies to assist with investigations.

To file a complaint with the FTC, use one of the following contact options:
Web site: www.consumer.gov/idtheft
Fraud Hotline: 202-326-2502

Credit Bureau Contacts:
Report the fraud to one of the three credit bureaus listed below. Ask them to place a "fraud alert" on your file so that no new credit can be granted without your approval. Make certain to follow-up with a written report after a phone call. Once you've placed your alert, you are entitled to a free copy of your credit file from each credit bureau. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain. Verify that information, like your Social Security Number, addresses, name or initials, and employers are correct. Continue to check your credit reports periodically to make sure no new fraudulent activity has occurred.

Credit Bureau
Address
Order Credit Report
Report Fraud

Equifax
P.O. Box 740241
Atlanta, GA 30374-0241
           
1-800-685-1111
1-800-525-6285

Experian
P.O. Box 2104
Allen, TX 75013
           
1-888-397-3742
1-888-EXPERIAN

TransUnion
760 Sproul Road
P.O. Box 390
Springfield, PA 19064

1-800-916-8800
1-800-680-7289

You can also find valuable resources at the following websites:

Better Business Bureau Identity Theft Web Site
Identity Theft Resource Center