Don't Take The Bait: Tips On Avoiding "Phishing" Fraud
Thursday July 8, 2004
There is so much spam out there, and the practice of spoofing results in emails going out that seem to be from me (the "from" line has my email address) but are actually viruses or fradulent "phishing" expeditions. Experts say it pays to be cautious on the internet. That's because this sort of mail is on the rise.
BASIC RULES: Get virus protection software, and a firewall program, to protect yourself from the majority of viruses, hacker attacks, and other dangers. And remember that if you get a mail that asks you to click on something, or is soliciting information
from you -- passwords, name, address, account numbers -- assume it's dangerous and delete it. If you get such an email from me, remember that (1) I don't send emails with attachments, and (2) I won't send you emails that ask you to just click on an attachment. If you get such an email from me, it's a spoof -- delete it.
Phishing involves a fraudster pretending to be a legitimate company in order to trick you into revealing personal and financial information. The information is then used to steal the consumers identity. According to the Anti-Phishing Working Group, phishing scams are growing at the rate of 110 percent per month.
Knowing how to recognize phishers, and what to do if you think you have been a victim, can help protect you and your family.
Phishing 101
Phishers hijack the brands of well-known companies, then send out official-looking e-mails, complete with familiar logos and links to realistic-looking Web sites. The e-mails often convey a sense of urgency, warning consumers that their accounts will be closed unless they "confirm" certain information, or telling people they have won a special prize.
Consumers who provide their credit card, bank account or Social Security numbers may soon find that their identity has been stolen. "This kind of phishing uses the Internet instead of a rod and reel. Its goal is to catch consumers," said Shirley Rooker, president of the international nonprofit network of consumer hotlines Call For Action.
What To Look For
An unsolicited e-mail could be a phishing scam if it:
It's wise to treat any unsolicited e-mail requests for financial or personal information with great caution. If you're not sure an e-mail is legitimate, contact the business that supposedly sent the e-mail to verify that it is genuine. (Visit a secure Web site or call a company phone number that you know is legitimate.) When entering personal data at a Web site, look for a "locked padlock" in the browser or "https" at the beginning of the Web address-both mean the site is secure. Also, check your monthly bank and credit card statements to verify that all transactions are legitimate.
"Consumers are the first line of defense against phishing," explained Robert Boxberger, who manages fraud prevention for Providian, one of the nation's largest credit card issuers. "But companies can help, too. Providian monitors transaction activity and alerts cardholders of anything unusual. In addition, we monitor hacker Web sites and chatrooms, looking for places where data is being swapped and then we search for Providian account numbers."
Catching A Phisher
Consumers can forward any suspicious e-mails to the Federal Trade Commission at uce@ftc.govor file a complaint with the FTC at www.ftc.gov. You can also forward unsolicited e-mail claiming to be from Visa or your Visa card issuer to phishing@visa.com.
In June, Visa USA, the Better Business Bureau, Call For Action and the Federal Trade Commission announced an education campaign designed to help consumers identify phishing scams and avoid becoming victims. Comprehensive resources are available on the Internet at http://www.visa.com/phishing, http://www.bbb.org/phishing, www.callforaction.org , and the Web site, http://www.consumer.gov/idtheft.
Phishing involves a fraudster pretending to be a legitimate company in order to trick you into revealing personal and financial information. The information is then used to steal the consumers identity. According to the Anti-Phishing Working Group, phishing scams are growing at the rate of 110 percent per month.
Knowing how to recognize phishers, and what to do if you think you have been a victim, can help protect you and your family.
Phishing 101
Phishers hijack the brands of well-known companies, then send out official-looking e-mails, complete with familiar logos and links to realistic-looking Web sites. The e-mails often convey a sense of urgency, warning consumers that their accounts will be closed unless they "confirm" certain information, or telling people they have won a special prize.
Consumers who provide their credit card, bank account or Social Security numbers may soon find that their identity has been stolen. "This kind of phishing uses the Internet instead of a rod and reel. Its goal is to catch consumers," said Shirley Rooker, president of the international nonprofit network of consumer hotlines Call For Action.
What To Look For
An unsolicited e-mail could be a phishing scam if it:
- Doesn't address you by name
- Asks you to provide personal or financial information-such as your bank or credit card account number, an account password or PIN or your Social Security number or mother's maiden name
- Warns that you have been the victim of fraud or that your account will be closed unless you respond quickly
- Tells you that you have won a prize or vacation and just need to "confirm" certain information
- Has spelling or grammatical errors you wouldn't expect a professional business to make.
It's wise to treat any unsolicited e-mail requests for financial or personal information with great caution. If you're not sure an e-mail is legitimate, contact the business that supposedly sent the e-mail to verify that it is genuine. (Visit a secure Web site or call a company phone number that you know is legitimate.) When entering personal data at a Web site, look for a "locked padlock" in the browser or "https" at the beginning of the Web address-both mean the site is secure. Also, check your monthly bank and credit card statements to verify that all transactions are legitimate.
"Consumers are the first line of defense against phishing," explained Robert Boxberger, who manages fraud prevention for Providian, one of the nation's largest credit card issuers. "But companies can help, too. Providian monitors transaction activity and alerts cardholders of anything unusual. In addition, we monitor hacker Web sites and chatrooms, looking for places where data is being swapped and then we search for Providian account numbers."
Catching A Phisher
Consumers can forward any suspicious e-mails to the Federal Trade Commission at uce@ftc.govor file a complaint with the FTC at www.ftc.gov. You can also forward unsolicited e-mail claiming to be from Visa or your Visa card issuer to phishing@visa.com.
In June, Visa USA, the Better Business Bureau, Call For Action and the Federal Trade Commission announced an education campaign designed to help consumers identify phishing scams and avoid becoming victims. Comprehensive resources are available on the Internet at http://www.visa.com/phishing, http://www.bbb.org/phishing, www.callforaction.org , and the Web site, http://www.consumer.gov/idtheft.
Comments
No comments yet. Leave a Comment