Identity Theft Goes “Phishing” for Consumers’ Credit Information

What is phishing? Phishing...don't get caught!

Phishing is an online scam used to commit identity theft. A fraudulent, but official-looking e-mail is sent to a user in an attempt to con that user into divulging personal and/or private information, which is then used for identity theft.


How phishing operates

Phishers spam huge numbers of users with a seemingly credible e-mail that instructs the user to visit a Web site (also fraudulent) where they are prompted to enter or update their personal or private information (such as passwords and credit card, social security, and bank account numbers). Phishers also use pop-ups to try and scam users into entering sensitive information.

What actually happens, to the trusting users who submit this information in response to a Phishing attempt, is that identity thieves steal the user’s information and their accounts are emptied.

Phishing attempts are extremely sophisticated and it can be extremely difficult to tell if the e-mail or Web site is real. However, NO credible organization (like your bank, credit card company or social security office) will ever ask you for those kinds of details in an e-mail.

Phishing got its name from the idea that bait is cast out among many fish, some of which actually bite, become hooked and are reeled in.

How to tell a phishing attempt from a legitimate e-mail

You may have seen a phishing expedition and not have known it. Many people fall prey to e-mail scams for the simple fact that such notifications look legitimate. Phishers will use a trusted company’s logo, tag line, and seemingly, similar e-mail address.

There are several things to look out for regarding phishing attempts

Typical phishing e-mails will tell you that your account has come under review, may be in danger of being suspended and/or cancelled, and some piece of information needs to be verified or updated, i.e.: your credit card number, bank account number, social security number, or other personally identifiable data. Look for phishing e-mails with spelling typos, i.e.: “Account Veerification Request”, or characters in odd placement: “Requesting : Account : Update”

When you think of phishing, think of fishing. Similar to how anglers use bait to lure fish, online scammers use certain tactics to lure us into giving them our valuable information under false pretenses. Since information is so readily available to everyone via the Internet, recognizing our online weaknesses will help us correct them.

What to do about phishing attempts
Merchants have done a great job of stepping up their customer ID protection services. Most banks and credit card companies utilize state of the art data encryption to protect you while you conduct your business online and most also post anti-fraud messages clearly on their homepages.


Protect yourself from phishers:
 

Remember:
1.       Never answer email requests for personal information – legitimate organizations don’t ask for such information via email.

2.       Visit web sites by typing the URL into your address bar rather than clicking on a hyperlink.

3.       Check to make sure the web site is using encryption.

4.       Regularly review your credit card and bank statements.

5.       Report suspected abuses of your personal information to the proper authorities.

Tips for a “spoof-proof life”

1.       Be suspicious of e-mails that don’t greet you by name.  A message that says “Dear eBay Customer” is probably not from eBay.

2        Ask yourself, Why is the company e-mailing me about this?  If you have any doubts, call the company.

3.       Don’t click on attachments, which could contain viruses or spyware, which records where you go online and captures any passwords or credit card numbers you type online.

4.       Look for “https:” in the URLs displayed in your browser’s address bar.  The “s” stands for “secure.”  If you don’t see it, you’re not in a secure Web session and should not enter any personal or financial data.

5.       If you see an “@” symbol in the middle of a URL, there a good chance it’s a phishing site, as legitimate companies use the domain name in their Web address (www.companyname.com) and don’t have an “@” symbol in their URL.

6.       Maintain up-to-date firewalls and security patches.

7.       If your information is compromised, get a fraud alert placed on your credit report.

8.       Visit www.consumer.gov/idtheft for more information on how to protect yourself from identify theft.

More information about phishing may be found at the following web sites:

Microsoft: http://www.microsoft.com/athome/security/email/phishing.mspx

The Federal Trade Commission at http://www.ftc.gov/opa/2003/07/phishing.htm

The Anti-Phishing Working Group at http://www.antiphishing.org

 

Home