Mon Sep 25, 2006 9:52AM EDT
Are you familiar with phishing scams? I get several in my inbox every day, and I bet you do too.
Phishing is one of the fastest-growing cybercrimes, according to the FBI, and one that costs consumers millions of dollars each year. These scams have one purpose: to get as much personal information from a user as possible. This includes login information, Social Security numbers, date of birth, and other identifiable information that can help scammers open up bogus accounts under your name or steal from your existing ones.
You can identify a phishing scam by its urgent tone asking you to immediately update your account. There are many other telltale signs, which I'll cover later, but the smartest thing you can do is to resist the temptation of opening this dangerous email and instead delete the bait immediately.
Our advisors have written about phishing quite extensively, and the results of a recent study may encourage us to revisit these posts. A study conducted by Harvard University and University of California at Berkeley revealed that participants were vulnerable to phishing attacks no matter what their education level or computer savvy. Ninety percent of the users were fooled by good web design despite numerous phishing clues, such as questionable URLs, lack of security indicators, and even pop-up alerts.
Identity theft is big business, and phishing schemes are harder to spot than you think. Email is still the most popular method, but as digital thieves get more sophisticated, so do their tactics. Learn about the latest phishing techniques reported.
Email Phish
Always be suspicious of any email coming from any financial institution or online payment service such as PayPal. As a rule of thumb, never click on emails coming from unknown sources. Instead, learn to recognize spoof emails by checking web addresses, word misspellings, and security indicators, such as a locked padlock on the browser frame. Don't even click on them out of curiosity. Those sites may install keylogger software that records your keystrokes, then sends this information back to the scammers. If you want to know what a phishing email looks like, visit the Anti-Phishing Working Group web site for examples of actual emails sent.
Phone Phishing Is Alive and Kicking
If you think email is the only way scammers can get you to divulge personal information, you're wrong. Last year, the FBI issued a warning to the public regarding a scheme involving jury service. Apparently, a group of individuals has been disguising themselves as U.S. Court employees and contacting citizens to advise them that they have been selected for jury duty. They ask to verify names, Social Security numbers, and ask for credit card information. When their request is refused, they resort to threatening these citizens with fines. If you get one of these calls, report it immediately.
One of the latest phone phishing scams involved the use of VoIP (Voice over Internet Protocol). Voice mails led unsuspecting users to believe their bank accounts had been frozen, and they were asked to call the provided number. A friendly message prompted them to enter their PIN number and bank account information. What they didn't know was that all the information they provided was being collected by phishing criminals. According to TechWeb, these methods use automated scripts to initiate the VoIP calls and a spoof caller ID so they appear legitimate.
Both methods are equally scary and prove that phishing is no longer confined to the web.
Social Networks Get Phished Too
Places like MySpace have also been targeted, and users are receiving bulletins titled, "Check out these old school pictures..." When users click the link, they're directed to a site that looks exactly like a MySpace login screen. Malware is then installed on their computer, capturing login information to test their other accounts. Check out Dory's post for the latest tactics on MySpace phishing.
What to Do if You've Been Phished?
If you think your account has been compromised, the best thing you can do is report it to your bank. Alert bank officials immediately, and close any account you think may have been compromised. You should also contact one of the three consumer reporting agencies to place a fraud alert on your account. This will raise a red flag if anyone tries to open a credit card account using your name. Don't forget to contact your local police department, and file a complaint with the FTC and FBI's Internet Complaint Center.
Hope this information keeps you on your toes. Also, check out part two of this phishing scam report, where I will show you how to spot a spoof email like a pro.
Join in the discussion. Here you'll see the comments in the order they were posted.
Thank you for this valuable information, I wish I could get rid of the mail from Nigeria and the UK saying I won all sorts of money.
Thanks for the updates. I need to tell my teenagers about this because they are on the home computer more than I am.
Article is good, but I cannot see here the important term: "social engineering" - these ways to hack humans are "social engineering". The biggest risk in company.
Also be aware of someone calling you saying you owe money to them via a credit card. This happened to my husband last year. The person on the phone DEMANDED to speak with him about a debt but would not tell me a thing, despite our joint credit. The person got angrier and angrier as I asked questions. Finally my husband went on the phone and the person badgered him for his birthday and SS #. My husband told them NO and hung up. Never heard a thing after. We did some research..it's another scam. DO NOT GIVE INFORMATION over the phone.
Thanks for this article! It concerns me that we could have fallen for the jury duty scam. I always tell phone scammers that we simply never give out information over the telephone. If it's official business, it will come by REGISTERED MAIL. This ensures your privacy. Any legitimate business knows this.
Thanks for the info. Someone tried to phish me. What tipped me off right away is they were using an e-mail address not registered with my bank. I keep a specific e-mail for business and one for other things. I never use my business e-mail address when on my leisure e-mail account and never conduct business transactions on the leisure account.
This is helpful, also, could you let users know how to find out if the keylogger software referred to in the article has been downloaded onto our computers through one of these schemes?
Boy, this is pretty scary. I just got an e-mail from Microsoft, so they said, but found out it was a scam. I WAS RICH FOR ABOUT 20 MIN. This was supposed to be a Bill Gates gift. Thank you
Great article; very helpful
My brother-in-law told me about the jury duty phishing exercise. Lately someone keeps calling me at home and asking for someone else. Today all I had to hang up when they said if you are not so and so just hang up. I did. I hope I don't hear from them tomorrow. They always call between twelve p.m. and one p.m.
The internet has degenerated into a den of thieves and con artists. I try to avoid whenever possible. I hate it.
I have received a scam thru email concerning the UK lottery Board. What do I do and who should I forward it to, if anyone? Is there any assistance for me? Hiwar3
126 Posted by jarhead265 on Thu Sep 3, 2009 4:28PM EDT
Very good article. Always beware the buyer, or buyer beware. If it seems too good, it needs to be looked at. Never give out information on yourself; always keep your guard up.