The Attack of the Big Phish

Are you familiar with phishing scams? I get several in my inbox every day, and I bet you do too.

Phishing is a one of the fastest-growing cybercrimes, according to the FBI, and one that costs consumers millions of dollars each year. These scams have one purpose: to get as much personal information from a user as possible. This includes login information, Social Security numbers, date of birth, and other identifiable information that can help scammers open up bogus accounts under your name or steal from your existing ones.

You can identify a phishing scam by its urgent tone asking you to immediately update your account. There are many other telltale signs, which I'll cover later, but the smartest thing you can do is to resist the temptation of opening this dangerous email and instead delete the bait immediately.

Our advisors have written about phishing quite extensively, and the results of a recent study may encourage us to revisit these posts. A study conducted by Harvard University and University of California at Berkeley revealed that participants were vulnerable to phishing attacks no matter what their education level or computer savvy. Ninety percent of the users were fooled by good web design despite numerous phishing clues, such as questionable URLs, lack of security indicators, and even pop-up alerts.

Identity theft is big business, and phishing schemes are harder to spot than you think. Email is still the most popular method, but as digital thieves get more sophisticated, so do their tactics. Learn about the latest phishing techniques reported.

Email Phish

Always be suspicious of any email coming from any financial institution or online payment service such as PayPal. As a rule of thumb, never click on emails coming from unknown sources. Instead, learn to recognize spoof emails by checking web addresses, word misspellings, and security indicators, such as a locked padlock on the browser frame. Don't even click on them out of curiosity. Those sites may install keylogger software that records your keystrokes, then sends this information back to the scammers. If you want to know what a phishing email looks like, visit the Anti-Phishing Working Group web site for examples of actual emails sent.

Phone Phishing Is Alive and Kicking

If you think email is the only way scammers can get you to divulge personal information, you're wrong. Last year, the FBI issued a warning to the public regarding a scheme involving jury service. Apparently, a group of individuals has been disguising themselves as U.S. Court employees and contacting citizens to advise them that they have been selected for jury duty. They ask to verify names, Social Security numbers, and ask for credit card information. When their request is refused, they resort to threatening these citizens with fines. If you get one of these calls, report it immediately.

One of the latest phone phishing scams involved the use of VoIP (Voice over Internet Protocol). Voice mails led unsuspecting users to believe their bank accounts had been frozen, and they were asked to call the provided number. A friendly message prompted them to enter their PIN number and bank account information. What they didn't know was that all the information they provided was being collected by phishing criminals. According to TechWeb, these methods use automated scripts to initiate the VoIP calls and a spoof caller ID so they appear legitimate.

Both methods are equally scary and prove that phishing is no longer confined to the web.

Social Networks Get Phished Too

Places like MySpace have also been targeted, and users are receiving bulletins titled, "Check out these old school pictures..." When users click the link, they're directed to a site that looks exactly like a MySpace login screen. Malware is then installed on their computer, capturing login information to test their other accounts. Check out Dory's post for the latest tactics on MySpace phishing.

What to Do if You've Been Phished?

If you think your account has been compromised, the best thing you can do is report it to your bank. Alert bank officials immediately, and close any account you think may have been compromised. You should also contact one of the the three consumer reporting agencies to place a fraud alert on your account. This will raise a red flag if anyone tries to open a credit card account using your name. Don't forget to contact your local police department, and file a complaint with the FTC and FBI's Internet Complaint Center.

Hope this information keeps you on your toes. Also, check out part two of this phishing scam report, where I will show you how to spot a spoof email like a pro.