Sunday, October 5, 2008

Phishing

Phishing (pronounced fishing) is an attempt to get unsuspecting victims to divulge personal, confidential information under the guise of a legitimate request. This has been around for a long time via telephone, in person or through regular mail. In addition, several computer viruses have been used in an effort to silently capture information from infected machines. This article will discuss email phishing.

Whether through traditional means or email, the bottom line is the same: be very careful when providing your personal information.
• The scam begins when you receive a legitimate-looking email that appears to come from a reputable company. The links in the email take you to a bogus site that mimics the real company's site. If you provide your personal information on this bogus site, you are most likely giving it directly to someone who will use it to steal your identity.
• Sometimes the email actually claims you may be a victim of identity theft if you don’t confirm your information.
• Another thing to notice is that most phishing scams originate internationally and are written by people who are not fluent in English, so look for misspelled words, incomplete sentences, awkward phrases and the like.
• In some instances the automatic downloading of images is turned off.

If you suspect that an email may be a phishing scam, you can view the source code of an HTML email message to see where a link actually goes (click on the View menu and then on Page Source in the drop-down list).

If there is a link in the email, do not click on it; instead, copy and paste the link into your address bar. You can still get tricked by URLs that look legitimate but have one or two letters switched.

Remember!
1. No legitimate company would ask you to provide personal information to them in this manner
2. View the source code of an HTML email message to determine where the link actually takes you
3. Be wary of emails that contain misspelled words, incomplete sentences, and awkward phrases
4. Don’t give your personal information to anyone unless you trust them and have initiated this contact yourself via a telephone number or address that you know to be valid.

To learn more about phishing, visit the Federal Citizens Information Center at http://www.pueblo.gsa.gov/scams/sc5180.htm or call 1-888-873-3256. To learn more about identity theft, visit www.identityprotection101.com/monitor_credit. To track down suspicious IP addresses or hosts, try a free online service such as samspade.org. You can send suspicious email to the US Federal Trade Commission at https://www.ftccomplaintassistant.gov/ or you can click the “Report Spam” (or similar) button in your email program.


If you are a victim of phishing:

1. Report it to your financial institution
2. Put a fraud alert on your credit report
3. Keep a close watch on your mail and your accounts…if statements stop or if you see unusual activity, call your financial institution immediately.


The Federal Trade Commission provides useful resources:

How Not to Get Hooked by a ‘Phishing’ Scam
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.pdf

Next article will be on Pharming (pronounced farming).
Information for this article was gathered from various sources including American Express Company and Justin Pritchard “Your Guide to Banking/Loans”.


2 comments:

Tammy@Scam-Protection said...

As you pointed out in your article, all phishing scams are not the same. Different means may be used to capture information.

For example, scammers are known to send malware to people in positions of authority at certain companies. Presumably, these individuals would be well trained in the measures that the thieves would use.

For this reason, they are sent malware that works in the background.

AvaByGrace said...

Thanks for sharing your knowledge of phishing with us, Tammy.
