|
Recommended:
books
Recommended
AV product:
| |
Phishing - Fake Requests for Personal Financial Information
What is Phishing?
Phishing is a method thieves and con men used to get personal information
from you in order to steal your identity and then your money or benefits.
Pretending to be from a legitimate retailer, bank, or government agency, the
sender asks to “confirm” your personal information for some made-up reason: your
account is about to be closed, an order for something has been placed in your
name, or your information has been lost because of a computer problem.
Typically, you receive an email from a bank asking you to go to its site (with
the link provided) to reenter your most personal information. The link takes you
to a bogus website! Another
tactic phishers use is to say they’re from the fraud departments of well-known
companies and ask to verify your information because they suspect you may be a
victim of identity theft! In one case, a phisher claimed to be from a state
lottery commission and requested people’s banking information to deposit their
“winnings” in their accounts.
Gartner
Group reports that, from May, 2005, over
1.8m consumers have been conned by phishing attacks into revealing
sensitive information. The majority of that was in 2004 to present.
Phishing emails have increased by 4000 % in the past 6 months. The average
consumer victim loses $1200 when his bank account is taken over.
The United States Treasury even has a
warning about phishing
scams. In short,
There are a number of examples
of phishing emails to
look at on this page.
"Vishing" - Phishing by Telephone
A variant, “vishing” uses telephone systems. A vishing scam occurs when a
consumer receives a recorded message telling them a credit card and/or financial
institution account has been breached and to immediately call a number provided
in the message. The phone number leads the consumer to a fraudulent call center
where people are asked to supply or verify pertinent financial account, social
security or credit card information.
History of Phishing
Phishing scams began in the mid-1990s not to obtain bank or credit card
information, but to get free online access. In those days, ISPs like AOL charged
by the minute. Phishers would try to obtain AOL members login user id and
passwords by sending e-mails appearing to come from AOL's member services
department. The fake email would ask recipients to verify their user names
and passwords. The scammers would then log on, using the victims' accounts, and
run up a bill.
Phishers target a variety of customers: from CitiBank (which is
currently used in
54 per cent of phishing messages) to AOL, Amazon.com, Ebay, PayPal
and others.
What do Phishers do with the Information Today?
Now the criminals use the information they obtain to apply for new credit
cards in the victim's name, withdraw money directly from victims' bank accounts,
and spend, spend, spend... the victim's money
In some cases, the scammers act as a clearinghouse, selling stolen credit card
numbers in online forums to others who use the information. Amazingly, the
stolen account numbers usually only bring a dollar or two each!
What Can you Do to Protect Yourself from Phishing Theft
- First, DON'T click on the link in an email that asks for your personal
information. It will take you to a phony Web site that looks just
like the Web site of the real company or agency. Following the
instructions, you enter your personal information on the Web site – and
into the hands of identity thieves. To check whether the message is
really from the company or agency, call it directly or go to its Web
site. If you don’t have the telephone number, get it from the phone
book, the Internet, or directory assistance. Use a search engine to find
the official Web site. Banks wouldn't ask for your mother's maiden name.
Also, look for misspellings in the bogus e-mail. If you get an email that
warns you, with little or no notice, that an account of yours will be shut
down unless you reconfirm your billing information, do not reply or click on
the link in the email. Instead, contact the company cited in the email using
a telephone number or Web site address you know to be genuine.
- If someone contacts you and says you’ve been a victim
of fraud, verify the person’s identity before you provide any personal
information. Legitimate credit card issuers and other companies may
contact you if there is an unusual pattern indicating that someone else
might be using one of your accounts. But usually they only ask if you
made particular transactions; they don’t request your account number or
other personal information. Law enforcement agencies might also contact
you if you’ve been the victim of fraud. To be on the safe side, ask for
the person’s name, the name of the agency or company, the telephone
number, and the address. Then get the main number (see tip above) and
call to find out if the person is legitimate.
- Check out the list of recent
phishing attacks and the information about
Phishing Pop-ups!
- Look at these examples of phishing emails to be familiar!
- Job seekers should also be careful. Some phishers
target people who list themselves on job search sites. Pretending to be
potential employers, they ask for your social security number and other
personal information. Follow the advice above and verify the person’s
identity before providing any personal information.
- Be suspicious if someone contacts you unexpectedly and
asks for your personal information. It’s hard to tell whether
something is legitimate by looking at an email or a Web site, or talking
to someone on the phone. But if you’re contacted out of the blue and
asked for your personal information, it’s a warning sign that something
is “phishy.” Legitimate companies and agencies don’t operate that way.
- Act immediately if you’ve been hooked by a phisher. If you provided account numbers, PINs, or passwords to a phisher, notify
the companies with whom you have the accounts right away. For
information about how to put a “fraud alert” on your files at the credit
reporting bureaus and other advice for ID theft victims, contact the
Federal Trade Commission’s ID Theft Clearinghouse,
www.consumer.gov/idtheft or toll-free, 877-438-4338. The TDD number
is 202-326-2502.
- Avoid emailing personal and financial information. Before
submitting financial information through a Web site, look for the "lock"
icon on the browser's status bar. It signals that your information is secure
during transmission.
- Review credit card and bank account statements as soon as you
receive them to determine whether there are any unauthorized charges. If
your statement is late by more than a couple of days, call your credit card
company or bank to confirm your billing address and account balances.
- Even if you didn’t get hooked, report phishing. Tell the company or agency that the phisher was impersonating.
Send the actual spam to
 and
spam@uce.gov. You can
also report the problem to law enforcement agencies through the National
Fraud Information Center/Internet Fraud Watch,
www.fraud.org or 800-876-7060, TDD 202-835-0778. The information you
provide helps to stop identity theft.
If you need advice about an Internet or online
solicitation, or you want to report a possible scam, use the
Online
Reporting Form or call the NFIC hotline at 1-800-876-7060.
To report to the organization impersonated in the email you received, write
directly to the company or organization. Here are the real websites, email
addresses and phone numbers of some of the more common targets of spoofing /
phishing:
For More Information About Phishing, See:
|
