The Attack of the Big Phish

Mon Sep 25, 2006 9:52AM EDT

See Comments (138)

Are you familiar with phishing scams? I get several in my inbox every day, and I bet you do too.

Phishing is a one of the fastest-growing cybercrimes, according to the FBI, and one that costs consumers millions of dollars each year. These scams have one purpose: to get as much personal information from a user as possible. This includes login information, Social Security numbers, date of birth, and other identifiable information that can help scammers open up bogus accounts under your name or steal from your existing ones.

You can identify a phishing scam by its urgent tone asking you to immediately update your account. There are many other telltale signs, which I'll cover later, but the smartest thing you can do is to resist the temptation of opening this dangerous email and instead delete the bait immediately.

Our advisors have written about phishing quite extensively, and the results of a recent study may encourage us to revisit these posts. A study conducted by Harvard University and University of California at Berkeley revealed that participants were vulnerable to phishing attacks no matter what their education level or computer savvy. Ninety percent of the users were fooled by good web design despite numerous phishing clues, such as questionable URLs, lack of security indicators, and even pop-up alerts.

Identity theft is big business, and phishing schemes are harder to spot than you think. Email is still the most popular method, but as digital thieves get more sophisticated, so do their tactics. Learn about the latest phishing techniques reported.

Email Phish

Always be suspicious of any email coming from any financial institution or online payment service such as PayPal. As a rule of thumb, never click on emails coming from unknown sources. Instead, learn to recognize spoof emails by checking web addresses, word misspellings, and security indicators, such as a locked padlock on the browser frame. Don't even click on them out of curiosity. Those sites may install keylogger software that records your keystrokes, then sends this information back to the scammers. If you want to know what a phishing email looks like, visit the Anti-Phishing Working Group web site for examples of actual emails sent.

Phone Phishing Is Alive and Kicking

If you think email is the only way scammers can get you to divulge personal information, you're wrong. Last year, the FBI issued a warning to the public regarding a scheme involving jury service. Apparently, a group of individuals has been disguising themselves as U.S. Court employees and contacting citizens to advise them that they have been selected for jury duty. They ask to verify names, Social Security numbers, and ask for credit card information. When their request is refused, they resort to threatening these citizens with fines. If you get one of these calls, report it immediately.

One of the latest phone phishing scams involved the use of VoIP (Voice over Internet Protocol). Voice mails led unsuspecting users to believe their bank accounts had been frozen, and they were asked to call the provided number. A friendly message prompted them to enter their PIN number and bank account information. What they didn't know was that all the information they provided was being collected by phishing criminals. According to TechWeb, these methods use automated scripts to initiate the VoIP calls and a spoof caller ID so they appear legitimate.

Both methods are equally scary and prove that phishing is no longer confined to the web.

Social Networks Get Phished Too

Places like MySpace have also been targeted, and users are receiving bulletins titled, "Check out these old school pictures..." When users click the link, they're directed to a site that looks exactly like a MySpace login screen. Malware is then installed on their computer, capturing login information to test their other accounts. Check out Dory's post for the latest tactics on MySpace phishing.

What to Do if You've Been Phished?

If you think your account has been compromised, the best thing you can do is report it to your bank. Alert bank officials immediately, and close any account you think may have been compromised. You should also contact one of the the three consumer reporting agencies to place a fraud alert on your account. This will raise a red flag if anyone tries to open a credit card account using your name. Don't forget to contact your local police department, and file a complaint with the FTC and FBI's Internet Complaint Center.

Hope this information keeps you on your toes. Also, check out part two of this phishing scam report, where I will show you how to spot a spoof email like a pro.

Top 5 Posts

Comments on The Attack of the Big Phish

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 6 Posted by mel_rojo99 on Thu Sep 3, 2009 7:16PM EDT Report Abuse

    identity theft is one of the scariest things that many people are still very unaware of and i'm glad that there is info out there like this article to give innocent people a serious wake up call :-)

  • 7 Posted by beckydehaven on Thu Sep 3, 2009 3:04PM EDT Report Abuse

    I recently got an e-mail from a bank that "claimed" I had to respond immediately because someone had applied for a credit card in my name. Needless to say I deleted it. Don't fall for this.

  • 8 Posted by vincenzo_bellini2006 on Wed Sep 27, 2006 10:24PM EDT Report Abuse

    How to make yahoo reply and do something? I am a yahoo user for 7 years and now someone has messed up my password. For 3 weeks now I am trying to make yahoo do something about it and give me back my account, but all I get are circular letters which say nothing at all... Is there a way to do something? I do not think so because I am sure yahoo does not care about users.

  • 9 Posted by packing3heat on Thu Sep 3, 2009 7:48PM EDT Report Abuse

    wow great advice thanks you for it, this helps a lot

  • 11 Posted by drthsimmonds222 on Thu Sep 3, 2009 3:48PM EDT Report Abuse

    As an individual who held the belief that there is always someone out there trying to us other peoples personal information for finalcial gain, I was always extremely careful in protecting mine.Asking for carbon copy of creditcard swipes during the 80's.Spending weekend cutting up personal information in small pieces using a scissors before the small shredders became popular- by then I had two shredder in my appartment and my office.In 1997,as partner of a company, I applied for a credit revolving loan at a major New York bank- JPMorganChase.In Jan.98'I was the victim of identity theft for a $23,000 Loan at a branch of the same bank.Five years later,2002,I was a victim again at the same branch of that bank-a loan for $24,000. First fraudulant loan still outstanding-I guess no past loan history required. I dicovered this when the same bank which is the holder of my personal creditcard accounts started charging Default rates of up to 27% to my existing card Debts.This was based on my unfavorable credit report which stemed from the report of the fraudulant loans reported by the same bank to the credit bureau.I have since hired a lawyer,but have yet to get a response from 'the same bank'.So after reading you article I was reluctant to fill in personal information on IDT or FBI sites fearing they could also be design by con artist!!

  • 12 Posted by dm7700@swbell.net on Thu Sep 3, 2009 3:45PM EDT Report Abuse

    I agree that everyone should be careful. I get emails from Paypal saying to update my account and I was told to forward that to spoof@paypal.com I do that and they always email back thanking me and telling me that it was not them.

  • 13 Posted by time2mind on Thu Sep 3, 2009 10:10PM EDT Report Abuse

    Very good BEWARE article. The online sharks are everywhere...in every shape and form deceit could cloak itself in.

  • 14 Posted by flagwaver@sbcglobal.net on Thu Sep 3, 2009 4:00PM EDT Report Abuse

    Good article but you say to look for a questionable URL. What whould make it questionable? That is, what exactly should we look for? I generally just delete without opening these, but I did miss a real message from Paypal by doing that.

  • 15 Posted by lordofmylife3@verizon.net on Thu Sep 28, 2006 6:59AM EDT Report Abuse

    Fortunately, when I finally got a computer at home, I knew I needed online protection - the spam blocker that sends stuff to bulk is very, very comforting. However, I find the information regarding Paypal very disconcerting. When I buy something on Ebay, there are several messages that come through as well as when I need to contact a member. I will be looing further into this. THANKS for raising my awareness level!!

  • 16 Posted by lewisandelaine on Thu Sep 3, 2009 6:49PM EDT Report Abuse

    After listing vacation property on e-bay, I received over 100 such e-mails. Fortunately for me, Readers Digest had published several articles about this, to include how to ID them, otherwise I may have become a victim because I had just started using a computer. In addition, many of the e-mails were quite professional, using the screens of e-bay and paypal. I reported most of these e-mails to e-bays security at spoof@ebay.com, where they could be investigated and hopefully caught. I also downloaded their toolbar with security guard and researched all their info. on phishing.

  • 17 Posted by steffens2018@sbcglobal.net on Thu Sep 3, 2009 9:41PM EDT Report Abuse

    My e-mail in July started getting all kinds of scams: From lottery wins, how to steal from banks,porn/singles, even real estate. In two weeks I had spamed 200! My bulk folder only has a limit of 500. And I'm still getting some even with the same names that I had spamed. Must be using a slightly different e-mail to end up back in my inbox instead of in my bulk folder. I have 328 in in my blocked list right now. Once its full, I don't think it will allow anymore blocks and don't know how to delete without all os them spaming again.

  • 18 Posted by michaelcressey@sbcglobal.net on Thu Sep 3, 2009 7:18PM EDT Report Abuse

    This happened to me on September 25th of this year and they charged $220.95 to my account and paypal charged $39.95 to my Bank of America account. But I was on it. I stopped this scam cold. Thanks for the information.

  • 19 Posted by jenniferptt126 on Thu Sep 3, 2009 4:32PM EDT Report Abuse

    Thank you for the info. I'm new to the computer thing and this will help me and my kids be safe.

  • 20 Posted by patsplayground@sbcglobal.net on Thu Sep 3, 2009 8:01PM EDT Report Abuse

    thank you gia for the heads up. is it true that most of these scams come from overseas. and when there frauds are caught what kind of time do they serve. thanks again and god bless

  • 21 Posted by bear4@prodigy.net on Thu Sep 3, 2009 3:04PM EDT Report Abuse

    I would like to know why the average victim is left responsible for the crime of theft committed against them ? . Tell your Senators and Representatives that for Businesses to accept and transact with con artists is the true problem and when it occurs , The Business should be held responsible , NOT THE VICTIM . I can guarantee you that If fair laws were enacted these Businesses would develop methods to stop I.D. theft overnight . But as it sits it is a profitable crime for the con artist and the businesses who were conned , When all is said and done the Victim is held responsible for these actions which have truly become Insanely pervasive and relentless . PLEASE CONTACT CONGRESS BY E-MAIL OR TELEPHONE AND TELL THEM THAT YOUR VOTES WILL COUNT ON ACTION AGAINST THIS SEVERE PROBLEM !!!!!!!! .

  • 22 Posted by jumpnjud on Thu Sep 3, 2009 4:44PM EDT Report Abuse

    Thank you so much for the info - I knew a bit about this stuff but so much of it surprised me - These morons that do this stuff have to much time on their hands and need to get a real job. Lock em up!!!!

  • 23 Posted by dudleylongbone on Thu Sep 3, 2009 3:49PM EDT Report Abuse

    Great advice! I was phished on my ebay account. Some clown was selling "brand new" $3000 Mac Power books for $900.00 "Buy It Now" on my ebay account. This scammer went into "My Ebay" and changed the email addres to his. Finally I went to check my account one day, and could not log in. Ebay claimed that this is happening at an alarming rate. Needless to say, it took quite a bit of emailing to get sellers to understand that I did not have any laptops for sale.

  • 24 Posted by juanita_leach@verizon.net on Thu Sep 3, 2009 4:43PM EDT Report Abuse

    thank you yahoo, this is something I knew nothing about...I'm wiser now and will keep a weather eye on this

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.