Mon Sep 25, 2006 9:52AM EDT
Are you familiar with phishing scams? I get several in my inbox every day, and I bet you do too.
Phishing is one of the fastest-growing cybercrimes, according to the FBI, and one that costs consumers millions of dollars each year. These scams have one purpose: to get as much personal information from a user as possible. This includes login information, Social Security numbers, date of birth, and other identifiable information that can help scammers open up bogus accounts under your name or steal from your existing ones.
You can identify a phishing scam by its urgent tone asking you to immediately update your account. There are many other telltale signs, which I'll cover later, but the smartest thing you can do is to resist the temptation of opening this dangerous email and instead delete the bait immediately.
Our advisors have written about phishing quite extensively, and the results of a recent study may encourage us to revisit these posts. A study conducted by Harvard University and University of California at Berkeley revealed that participants were vulnerable to phishing attacks no matter what their education level or computer savvy. Ninety percent of the users were fooled by good web design despite numerous phishing clues, such as questionable URLs, lack of security indicators, and even pop-up alerts.
Identity theft is big business, and phishing schemes are harder to spot than you think. Email is still the most popular method, but as digital thieves get more sophisticated, so do their tactics. Learn about the latest phishing techniques reported.
Email Phish
Always be suspicious of any email coming from any financial institution or online payment service such as PayPal. As a rule of thumb, never click on emails coming from unknown sources. Instead, learn to recognize spoof emails by checking web addresses, word misspellings, and security indicators, such as a locked padlock on the browser frame. Don't even click on them out of curiosity. Those sites may install keylogger software that records your keystrokes, then sends this information back to the scammers. If you want to know what a phishing email looks like, visit the Anti-Phishing Working Group web site for examples of actual emails sent.
Phone Phishing Is Alive and Kicking
If you think email is the only way scammers can get you to divulge personal information, you're wrong. Last year, the FBI issued a warning to the public regarding a scheme involving jury service. Apparently, a group of individuals has been disguising themselves as U.S. Court employees and contacting citizens to advise them that they have been selected for jury duty. They ask to verify names, Social Security numbers, and ask for credit card information. When their request is refused, they resort to threatening these citizens with fines. If you get one of these calls, report it immediately.
One of the latest phone phishing scams involved the use of VoIP (Voice over Internet Protocol). Voice mails led unsuspecting users to believe their bank accounts had been frozen, and they were asked to call the provided number. A friendly message prompted them to enter their PIN number and bank account information. What they didn't know was that all the information they provided was being collected by phishing criminals. According to TechWeb, these methods use automated scripts to initiate the VoIP calls and a spoof caller ID so they appear legitimate.
Both methods are equally scary and prove that phishing is no longer confined to the web.
Social Networks Get Phished Too
Places like MySpace have also been targeted, and users are receiving bulletins titled, "Check out these old school pictures..." When users click the link, they're directed to a site that looks exactly like a MySpace login screen. Malware is then installed on their computer, capturing login information to test their other accounts. Check out Dory's post for the latest tactics on MySpace phishing.
What to Do if You've Been Phished?
If you think your account has been compromised, the best thing you can do is report it to your bank. Alert bank officials immediately, and close any account you think may have been compromised. You should also contact one of the three consumer reporting agencies to place a fraud alert on your account. This will raise a red flag if anyone tries to open a credit card account using your name. Don't forget to contact your local police department, and file a complaint with the FTC and FBI's Internet Complaint Center.
Hope this information keeps you on your toes. Also, check out part two of this phishing scam report, where I will show you how to spot a spoof email like a pro.
Join in the discussion. Here you'll see the comments in the order they were posted.
All I want to do is to Thank Gina the Techie Diva for the INFO it helps us very much.
This article is pretty good, but there are other ways you can be tricked on the internet, for example free offers, gifts, casino tricks and many. Be careful with your personal data, remember that your garbage is also something that scammers use, and don't fall in games ask for id number or license from the person that is requesting your information online
This article is going to be a big help and boy do I really need because of my computer don't-know-how.
This just happened to me this week. I received an email from my bank that looked so real that I started to fill it out but got suspicious and made a call to the bank. They said they would NEVER send an email asking for info so be very careful.
After being a victim I submitted info to FBI by e-mail and within seconds I was contacted by phone. This article works, I am a lot smarter now!
JUST WANTED TO MAKE PEOPLE AWARE THAT THERE IS A BIG SCAM GOING ON IN THE MYSPACE WORLD, SUCH AS I HAVE FOUND OUT FIRST HAND. THERE ARE MEN AND PROBABLY WOMEN ALSO CLAIMING TO BE IN AFRICA, KENYA OR NIGERIA WINNING THE HEARTS OF AMERICANS THEN WHEN THEY DO THEY WILL HIT YOU UP FOR MONEY OR ASK YOU FOR YOUR NAME ADDRESS AND ANYTHING ELSE THEY CAN GET FROM YOU. IT'S A SCAM AND PEOPLE SHOULD BE AWARE. I HAVE TURNED IN AT LEAST 8 THIS MONTH TO MYSPACE OFFICIALS.
This is a great article to alert consumers of the epidemic that is identity theft, but like much of the information out there, it only focuses on the financial side of identity theft. Financial identity theft only comprises about 28% of total incidents reported to the FTC. There are four other areas of identity theft, which are Driver's License theft, Social Security fraud, Medical Insurance fraud, and Criminal/Character fraud. I have talked to two of my clients in the past three days who experienced the horrors of identity theft in all of these areas and it is not pretty at all. One had over $250,000 of damage done against her by her former best friend and roommate. When the perpetrator went to prison, the woman's identity was sold to at least two inmates leaving incarceration. I am a Certified Identity Theft Risk Management Specialist and an independent associate with Pre-Paid Legal Services, Inc. I would encourage you to look at the protection that our partner, Kroll Background, Inc., can offer you. They are the #1 risk management company in the world having handled the forensic accounting after the Enron debacle and the investigation into Saddam Hussein's financial network after his capture. Now they can give you protection in all areas of identity theft as well as access to a restoration department that will fully restore your identity in the event that your information is compromised. Since identity theft also becomes a legal issue, we offer access to quality legal counsel to assist in clearing your name and other life events that happen with you or your family. If you want more information, visit this web site and view the video on the Life Events Legal Plan and Identity Theft Shield, then feel free to ask me any questions you may have through the website contact information provided. The website is www.prepaidlegal.com/hub/oheronag
A major suggestion from a very good non-profit organization is not to delete the email phish but to forward the entire email to pirt@castlecops.com. This organization works with the FBI and is designed to help take down these phishing sites legally, regardless of which country the website is in. After they are forwarded feel free to delete them. You can also submit this information on castlecops website if you'd rather not email it. http://www.castlecops.com This security issue is talked about in many IT security circles.
At first I took up the cause of reporting these scams to the authorities, including the provider, Gov. agencies, etc., but it took too much time & the emails from the same phishermen continued, increasing at times. I'd like to help prosecute these people, but certainly don't feel my efforts were effective. Maybe info. on successful prosecution might motivate the web community to act more aggressively. Now, I just delete them and get on with my day.
I received a notice from Washington Mutual that my account was frozen. I called my bank rather than give info over the internet and was informed that, although there was a Washington Mutual, they would never send such enquiries over the internet, so I informed the FBI. MY bank is not affiliated w/ Washington Mutual.
Thank you for your article. I must get at least 10 to 20 of these type of rip offs every day. Your links to the demo sites is useful. I will be forwarding on to friends and family. Best practice I have found is never give out any info that the site should already have, and 'x' out and log onto the ACTUAL site you know is correct. p
I received an email from my alma mater acknowledging my new email address. I had no new email address. It scared the daylights out of me but I couldn't find out anything about it.
What is the matter with an honest day's work? No wonder the world is so messed up. Millionaires usually get their money by bilking the people. When will enough be enough? Got Milk?
What wasn't mentioned in the article is one I have been getting recently: an email from "Paypal" confirming my purchase of an expensive item (one that I of course did not purchase)...then when you scroll down to the bottom there is a link you can click on that says "dispute purchase"...I've never clicked it but I assume when you do they get all your info...anyway anyone who has ever used Paypal or Ebay knows that there is no "dispute purchase" link on their invoices...always log in without using the email link and you will see all the recent activity on your PayPal account.
I found this very helpful. Thank you. Jenn
Best thing to do is erase all emails from unfamiliar sources without opening them and/or forwarding them to the legitimate institutions they fraudulently represent. Get a caller ID and don't answer any phone calls that show "unavailable" or "private." No one can squeeze information out of an answering machine. If you must answer, hang up the second someone tries to sell something or tell you you won something in a contest you did not enter.
I was an bad that got taken for over $5,000USD. It was a phishing email about EBay / PayPal. I thought I was on the PayPal website verifying my bank information. It was not PayPal, and what ended up happening was I gave them enough information about myself, so that they were able to create ATM Cards and hit my savings account and withdrew 5k USD. I live in the US and the people that stole the money were in Romania. What ended up being the Silver Lining in a bad situation, was that my bank gave me back all of the 5k that was stolen. I now never respond to an email. I will always call up and respond rather than via a website.
As the article said, beware of emails from "reputable" companies asking to verify information immediately. I got one from one of my credit card companies. Instead of replying to the email, I called the 800# on the back of my credit card, and they said it was a scam and to forward it to their fraud department. I did, but it did not go through. So, if your credit card companies contact you like this, try calling their 800#, and seeing if you can forward it so that we can stop these identity thieves!
I have been told via e-mail from Spain that I have won a lottery....$78000.00. In order to ascertain that I am truly the recipient to whom the prize may be sent, I must fill in a questionnaire with facts about myself including passport info. This I did not do. Bernard nadel
26 Posted by miconzone on Thu Sep 28, 2006 9:21AM EDT
Thanks bunches. Some cyberrats got me last week with my Paypal account, and looking back at the emails, I know how they extracted my password. If you have a PayPal account and you have a bank account backing up those funds . . . know that they know how to get to PayPal and to your bank account with only your PayPal password. These rats really went to town and froze my money up all week. You cannot be too careful.