Search
    Google
    Tip of the Day Blog
    The Web
« Online Resources regarding Employment Law | Main | Printing Your Digital Pictures »
Monday
Apr122004

Phishing

TIP OF THE DAY

Phishing

What is Phishing?
Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

The email pretends to come from businesses the potential victims patronize ? for example, Internet service providers, online payment services, well-known national retailers, and banks.  Thieves make up some story (often basing part of the story in fact) designed to trick victims into providing personal information.  The email directs the recipient to click on a provided hyperlink to clear up the problem.  The hyperlink leads to a server (usually in another country) on which a fraudulent imitation of a legitimate website appears.  This scam is often referred to as "phising" or "carding".

The deceived individual is then prompted to enter confidential personal information collected to perpetrate identity theft.  The victim is usually then redirected to a legitimate website to obscure the fact that he or she just gave away personal financial information to crooks.  You may recall hearing of these scams purporting to come from Best Buy, Citibank, eBay, Earth Link, FDIC (Federal Deposit Insurance Company), the IRS, PayPal, and U.S. Bank?just to name a few (a group that tracks this type of scam and posts information is located at www.anti-phishing.org).


DO NOT PROVIDE PERSONAL INFORMATION TO SOMEONE WHO CALLS OR EMAILS YOU

Regardless of who they claim to be, treat people who call or email you seeking personal or financial information as potential thieves who may be trying to steal your identity.  Do NOT provide people who call or email you with any personal information.  The thieves change their disguised identity by adopting a new alias.


PROTECT YOURSELF.  Follow the Federal Trade Commission's following guidance:
  • If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or website address you know to be genuine.


     
  • Avoid emailing personal and financial information. Before submitting financial information through a website, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.


     
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.


     
  • Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft website (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.

EmailEmail Article to Friend