LOMA : Articles
Caution: Phishing May Be Dangerous

In the May 2005 issue of Tech Talk, John Anderson wrote about some of the
ways that hackers get your identity by pharming and phishing. This month, I
am going to go into a little more detail about the dangers posed by phishing
in light of the serious increase in the incidents of identity theft.

According to the free online web dictionary Wikipedia (www.wikipedia.com),
"phishing (also known as carding and spoofing) is the act of attempting to
fraudulently acquire sensitive information, such as passwords and credit
card details, by masquerading as a trustworthy person or business with a
real need for such information in a seemingly official electronic
notification or message (most often an email, or an instant message). The
term phishing comes from the fact that Internet scammers are using
increasingly sophisticated lures as they "fish" for users' financial
information and password data."

Generally you will receive an email message that appears to come from your
bank, your ISP, eBay, Amazon, PayPal or some other large institution with
whom you may have done business. The email looks amazingly legitimate. The
message usually indicates that there is some sort of problem and that they
need some confidential information in order to fix it. Very often there
will also be a link to what appears to be a very legitimate website.

To see how difficult it is to distinguish some of these phishing sites from
real sites, MailFrontier has a quiz that you can take to see if you can
determine which are real and which are not. Go to
http://survey.mailfrontier.com/survey/quiztest.html. I highly recommend
that you, everyone in your office, and your family take this test. You will
be stunned at how easily you can be fooled.

Phishing scams are no different in theory from the phone scams in which
callers pretended to be your bank and tricked people into giving out their
bank account numbers. Most legitimate institutions will NOT contact you via
email and ask for confidential information. If you or anyone in your office
or family gets a message like this, you can file a complaint with the
Federal Trade Commission at www.ftc.gov.

In addition, you can get information on what to do if you have given out,
or think you may have given out, any confidential information by going to
the Anti-Phishing Working Group at
http://www.antiphishing.org/consumer_recs2.html

The FTC has the following recommendations on how to avoid being the victim
of phishing (How Not to Get Hooked by a Phishing Scam,
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm):
1. If you get an email or pop-up message that asks for
personal or financial information, do not reply. And don’t click on the
link in the message, either.
2. Use anti-virus software and a firewall, and keep
them up to date.
3. Don’t email personal or financial information. If you are
going to send confidential information over the internet, make sure it is a
secure site. By this time you should all know how to determine if a site
is secure. It will have a "whole key" or lock in the corner of the site
on the status bar as opposed to a "broken key," or it will have "https" in
the URL. The "s" stands for secure. Keep in mind that the lock and "https"
mean only that the connection to the site is encrypted; a phishing site can
have them too, so also check that the address is the one you expect.
4. Review credit card and bank account statements as soon as
you receive them. I now write down every purchase I make each month on my
credit card and I compare it to what is on my statement. I also save all
receipts in a separate file folder. (Just as an aside, this exercise of
writing down all my credit card purchases and keeping that information
with me has actually caused me to use my credit card less and thus saved me
from buying "stuff" I really do not need. I have actually saved money by
writing it down.)
5. Be cautious about opening any attachment or downloading any
files from emails. If you were not expecting an attachment from someone,
contact that person to make certain that it is legitimate.
6. Forward spam that is phishing for information to
spam@uce.gov and to the company, bank,
or organization impersonated in the phishing email. Most organizations
have information on their websites about where to report problems. This
is important to do if you want to try to slow down some of these
criminals.
7. If you think you have been the victim of a phishing
expedition, file a complaint with the FTC. You should also consider
getting a copy of your credit report to make certain no one is opening
credit cards in your name. You can go to www.annualcreditreport.com
to get a copy of your report. Unfortunately, the free credit reports will
not be available in Maryland until September, 2005, but the cost for
ordering them is very low and it is something you should consider. If you
want more information on identity theft, go to
http://www.consumer.gov/idtheft/.

Although many of these scams are very slick, there are some things to look
for to determine if it is a phishing scam.
1. It says it is not a scam.
2. It requires immediate action.
3. It asks for sensitive information. It usually asks for
information about account numbers or financial information.
4. It will usually direct you to a site or form to put in
this confidential information. This site will look legitimate.
5. The site/message will contain typographical or grammatical
errors.
6. The message will be impersonal. Most legitimate
institutions have your information and will personalize messages to you.
(These tips are taken from the A Memo On Phishing website at
http://www.geocities.com/phishingmemo/)
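
The signs listed above can also be checked mechanically as a first-pass mail filter. The following Python is an added example, not part of the original article or of the memo it cites; the keyword lists, the two constructed sample messages, and the extra comparison of link hosts against the sender's domain are assumptions made for illustration, and sign 5 (typographical errors) is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL = re.compile(r"https?://[^\s<>\"']+", re.I)
# Signs 1-4 and 6 from the list above; the word lists are assumptions.
SIGNS = {
    "says it is not a scam": re.compile(r"\bnot\s+(a\s+)?(scam|spam|hoax)\b", re.I),
    "requires immediate action": re.compile(
        r"\b(immediately|urgent|suspended|within\s+\d+\s+(hours|days))\b", re.I),
    "asks for sensitive information": re.compile(
        r"\b(password|pin|account\s+number|social\s+security|credit\s+card)\b", re.I),
    "directs you to a site or form": re.compile(r"https?://|<form\b", re.I),
    "impersonal greeting": re.compile(
        r"^\s*dear\s+(customer|member|user|account\s+holder)\b", re.I | re.M),
}

def phishing_signs(raw):
    """Return the names of the signs found in a single-part text message."""
    body = message_from_string(raw).get_payload()
    return [name for name, pattern in SIGNS.items() if pattern.search(body)]

def off_domain_links(raw):
    """Return link hosts that are not the From: domain or a subdomain of it."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = [(urlparse(u).hostname or "") for u in URL.findall(msg.get_payload())]
    return [h for h in hosts if h != sender and not h.endswith("." + sender)]

# Constructed sample messages (not real mail).
SAMPLE = """\
From: "Example Bank" <service@examplebank.example>
Subject: Account problem

Dear Customer,

This is not a scam. Your account will be suspended unless you act
within 24 hours. Confirm your account number and password at
http://examplebank.example.login-check.example/verify
"""
BENIGN = """\
From: "Example Bank" <service@examplebank.example>
Subject: Your statement is ready

Dear Maria Lopez,

Your March statement is ready. Sign in the way you normally do to view it.
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE), off_domain_links(SAMPLE))
```

A message that trips several signs, or whose link host only begins with the sender's name, deserves a closer look before anyone clicks; a clean result does not prove a message is legitimate.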

For every new technology or invention, there will be people who will try to
exploit it. Criminals and scam artists have been around since the beginning
of time. Only the tools have changed. Just remember everything your mother
told you: Be careful. If it doesn't seem right, it probably isn't. Eat your
vegetables.