It’s Phishing Season!
“Phishing” (pronounced: fishing) may lend itself to corny headlines, but it describes a serious, sophisticated practice in which Internet con artists, using bogus emails and websites designed to look like those of legitimate companies, banks, or government agencies, trick unwitting customers into divulging sensitive financial and personal information.
In a typical phishing scam, the perpetrator copies the webpage code from a well-known site and uses it to set up a replica page, complete with company logo, fonts, styles, and links to mimic the real company web pages. He or she then uses spamming techniques to send a million or more e-mails with a single click. The e-mails advise Internet users that their billing information needs to be confirmed or updated because of a technical or security problem and direct them to click on a hyperlink to reach the official corporate or institutional website.
In actuality, the link sends them to the scammer’s look-alike page. Once there, the user is asked to provide credit card information, password, personal identification number, Social Security number, mother’s maiden name, and other closely guarded data. Armed with this information, the scammer can proceed to run up charges in the user’s name, empty bank accounts, apply for loans or new credit cards, and commit many types of identity theft. For every 1 million e-mails sent out, 50,000 people will “take the bait” and will be victims.
Estimates:
- More than 57 million Internet users in the US have received some sort of e-mail related to a phishing scam.
- Close to 2 million checking accounts have been exploited.
- Annual losses associated with phishing exceed $2 million.
Public awareness is the key, as it is in fighting all types of crime. People need to be suspicious of any e-mail that solicits credit card or other confidential information; that is not how legitimate companies work. They should not click on the hyperlink and should not send a hard copy to report the incident; rather, they should forward the e-mail as an attachment to an appropriate resource. To trace a bogus e-mail, investigators need to “look under the hood” at the code beneath the headers to figure out its source—not a simple task. Phishing e-mails are often relayed through dozens of servers in an attempt to hide the sender’s true location.
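An added example (not part of the original article) of the header tracing described above: each relaying server prepends a `Received:` header, so reading them bottom-up reconstructs the path. The sample message, its hostnames and addresses, and the choice of `recipient.example` as the trusted domain are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (example.* names, documentation IP ranges).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 4 Oct 2004 10:00:05 -0400
Received: from relay2.example.net (relay2.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Mon, 4 Oct 2004 10:00:03 -0400
Received: from unknown (HELO bank.example) ([203.0.113.45])
\tby relay2.example.net with SMTP id C3; Mon, 4 Oct 2004 09:59:58 -0400
From: "Bank Security" <security@bank.example>
Subject: Please confirm your billing information

Body omitted.
"""

def relay_path(raw):
    """Return the relay hops in travel order (origin first)."""
    msg = message_from_string(raw)
    hops = []
    # Headers are stored newest-first, so reverse them to follow the message.
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())  # undo header folding
        frm = re.search(r"^from\s+(\S+)", line)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        by = re.search(r"\bby\s+(\S+)", line)
        hops.append({
            "from": frm.group(1) if frm else None,  # name the sender claimed
            "ip": ip.group(1) if ip else None,      # address the receiver logged
            "by": by.group(1) if by else None,      # server that wrote this header
        })
    return hops

def last_verified_source(hops, trusted_domain):
    """Earliest hop written by a server we control. Anything before it was
    recorded by third parties and may be forged by the sender."""
    for hop in hops:
        by = hop["by"] or ""
        if by == trusted_domain or by.endswith("." + trusted_domain):
            return hop
    return None

if __name__ == "__main__":
    for n, hop in enumerate(relay_path(RAW), 1):
        print(n, hop["from"], hop["ip"], "->", hop["by"])
    print("verified:", last_verified_source(relay_path(RAW), "recipient.example"))
```

Forwarding the e-mail as an attachment, rather than inline, is what preserves these headers for whoever investigates the report.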
If you get hooked…
If you receive a possible phishing e-mail, do not respond to it. Send copies of the e-mail to the Federal Trade Commission (FTC) at uce@ftc.gov and to the Anti-Phishing Working Group at reportphishing@antiphishing.org. Also send a copy of the e-mail to the “abuse” e-mail address at the company that is being spoofed (e.g., spoof@ebay.com).
If you have already disclosed your personal information to a possible phishing e-mail or website, immediately file an online complaint with the Internet Crime Complaint Center (a joint project of the FBI and the National White Collar Crime Center) at http://www.ic3.gov. Also go to the FTC’s identity theft website at http://www.consumer.gov/idtheft/ and follow the directions there for reporting information to credit bureaus, credit card companies, and law enforcement.
In addition, an article titled “Protect Yourself Online” in the September 2004 edition (Vol. 69, No. 9) of Consumer Reports offers information and resources regarding phishing scams, computer viruses, junk e-mails (spam) and spyware.