The Attack of the Big Phish

Mon Sep 25, 2006 9:52AM EDT


Are you familiar with phishing scams? I get several in my inbox every day, and I bet you do too.

Phishing is one of the fastest-growing cybercrimes, according to the FBI, and one that costs consumers millions of dollars each year. These scams have one purpose: to get as much personal information from a user as possible. This includes login information, Social Security numbers, date of birth, and other identifiable information that can help scammers open up bogus accounts under your name or steal from your existing ones.

You can identify a phishing scam by its urgent tone asking you to immediately update your account. There are many other telltale signs, which I'll cover later, but the smartest thing you can do is to resist the temptation of opening this dangerous email and instead delete the bait immediately.

Our advisors have written about phishing quite extensively, and the results of a recent study may encourage us to revisit these posts. A study conducted by Harvard University and University of California at Berkeley revealed that participants were vulnerable to phishing attacks no matter what their education level or computer savvy. Ninety percent of the users were fooled by good web design despite numerous phishing clues, such as questionable URLs, lack of security indicators, and even pop-up alerts.

Identity theft is big business, and phishing schemes are harder to spot than you think. Email is still the most popular method, but as digital thieves get more sophisticated, so do their tactics. Learn about the latest phishing techniques reported.

Email Phish

Always be suspicious of any email coming from any financial institution or online payment service such as PayPal. As a rule of thumb, never click on emails coming from unknown sources. Instead, learn to recognize spoof emails by checking web addresses, word misspellings, and security indicators, such as a locked padlock on the browser frame. Don't even click on them out of curiosity. Those sites may install keylogger software that records your keystrokes, then sends this information back to the scammers. If you want to know what a phishing email looks like, visit the Anti-Phishing Working Group web site for examples of actual emails sent.

Phone Phishing Is Alive and Kicking

If you think email is the only way scammers can get you to divulge personal information, you're wrong. Last year, the FBI issued a warning to the public regarding a scheme involving jury service. Apparently, a group of individuals has been disguising themselves as U.S. Court employees and contacting citizens to advise them that they have been selected for jury duty. They ask to verify names, Social Security numbers, and ask for credit card information. When their request is refused, they resort to threatening these citizens with fines. If you get one of these calls, report it immediately.

One of the latest phone phishing scams involved the use of VoIP (Voice over Internet Protocol). Voice mails led unsuspecting users to believe their bank accounts had been frozen, and they were asked to call the provided number. A friendly message prompted them to enter their PIN number and bank account information. What they didn't know was that all the information they provided was being collected by phishing criminals. According to TechWeb, these methods use automated scripts to initiate the VoIP calls and a spoof caller ID so they appear legitimate.

Both methods are equally scary and prove that phishing is no longer confined to the web.

Social Networks Get Phished Too

Places like MySpace have also been targeted, and users are receiving bulletins titled, "Check out these old school pictures..." When users click the link, they're directed to a site that looks exactly like a MySpace login screen. Malware is then installed on their computer, capturing login information to test their other accounts. Check out Dory's post for the latest tactics on MySpace phishing.

What to Do if You've Been Phished?

If you think your account has been compromised, the best thing you can do is report it to your bank. Alert bank officials immediately, and close any account you think may have been compromised. You should also contact one of the three consumer reporting agencies to place a fraud alert on your account. This will raise a red flag if anyone tries to open a credit card account using your name. Don't forget to contact your local police department, and file a complaint with the FTC and FBI's Internet Complaint Center.

Hope this information keeps you on your toes. Also, check out part two of this phishing scam report, where I will show you how to spot a spoof email like a pro.


Comments on The Attack of the Big Phish


  • 46 Posted by leilaporter@sbcglobal.net on Thu Sep 3, 2009 6:48PM EDT

    Great article, very informative. I was a victim of e-mail phishing. Fortunately my bank noticed it and contacted me by snail mail. I closed my accounts and sadly no longer bank on line or pay bills on line. Paranoia has set in, I'm afraid. Someone mentioned to me that so long as you use a dial-up connection the phishers have to work a bit harder, not impossible, but with such easy targets out there, they apparently don't waste time on the dial-up users. It is a huge inconvenience being phished; you have to contact the three major credit companies. Not only once..but every three months for about ten years I have been told.

  • 47 Posted by dch39456@sbcglobal.net on Thu Sep 28, 2006 2:42PM EDT

    Your article on phishing was very informative. Unfortunately, however, you omitted one of the most potent tools available to the public to enable legal action to be taken against the "phishers." This tool is: www.spam@uce.gov This is the official government agency responsible for eliminating the "phishers." I routinely send phishing e-mails to this website. Rarely do I hear from the "phishers" a second time. Best Regards, David Homsher

  • 50 Posted by glanzmmr on Thu Sep 3, 2009 4:10PM EDT

    Just don't be a complete moron and you will avoid problems...who gives their SSN over the web???

  • 51 Posted by riprath@verizon.net on Thu Sep 3, 2009 8:42PM EDT

    Nice article, showed it to my daughter who uses my computer even though she is not supposed to. Hope she learned something.

  • 52 Posted by cronemum on Thu Sep 3, 2009 3:31PM EDT

    I printed off this info but I haven't fully examined it yet, but my desire is that a list of the contact addresses for extra info would be posted in the body of the e-m so that the reference could be contacted later.

  • 53 Posted by leslie_tech_maven on Thu Sep 3, 2009 6:49PM EDT

    Your article helped explain fishy emails I got. Found more help on http://www.inetplanet.net/secrtyhelp.html

  • 54 Posted by lopez1573@sbcglobal.net on Thu Sep 3, 2009 6:56PM EDT

    I was inundated with PayPal warnings that someone was using my account fraudulently. I ignored them but now I get on-line Wells Fargo account information updates that are phishy. Great article, helped me tremendously.

  • 56 Posted by blueydlady2@sbcglobal.net on Thu Sep 3, 2009 3:09PM EDT

    This article hits the nail on the head. I'm a huge user of SPAM and like the article says, watch out for the all mentioned and the spider web effect. You would think spamming would stop this but it doesn't. If I don't know who it is I automatically SPAM, sorry friends if you've changed your address on me, YOU'VE BEEN SPAMMED

  • 57 Posted by budlightgirl232000 on Thu Sep 3, 2009 3:15PM EDT

    I had my daughter read it (she's 13). I have been warning her about the my space, now she understands, thanks

  • 58 Posted by irnwrk1@sbcglobal.net on Thu Sep 3, 2009 4:25PM EDT

    I hope there is no one out there who is gullible enough to believe that a long lost relative in a foreign country died, leaving them the sole heir to millions.

  • 59 Posted by rlenke@sbcglobal.net on Thu Sep 3, 2009 8:43PM EDT

    I phind this article most helphul phor those who phoolishly open phish and wind up in a big phix

  • 60 Posted by ams076 on Thu Sep 3, 2009 2:53PM EDT

    Great article but does the author get into detail about the origin of where the phishing is coming from? This is what we should be asking.

  • 61 Posted by jkj85@sbcglobal.net on Thu Sep 3, 2009 4:36PM EDT

    This article was very informative. Since I switched to SBC DSL, I don't seem to get spam anymore, but when I had WebTV I got a lot of fake eBay and PayPal emails of the kind described. If you buy/sell on eBay, you should also read their tips for spotting phony auctions.

  • 65 Posted by mustang_eddie302 on Thu Sep 3, 2009 7:30PM EDT

    Yes, I too was Phished. Got an email at Yahoo with the subject line about receiving an e-greeting card. I've sent these myself and have received many, however the thing to look for is WHO sent the e-greeting in the message text. By clicking on the link I allowed someone to gain control of my Yahoo account. You can still see a Hacker group logo in place of my profile photo on the account. Many emails to Yahoo failed to resolve the issue as I could not remember my "secret question" answer.
