The Attack of the Big Phish
Mon Sep 25, 2006 9:52AM EDT
See Comments (138)
Are you familiar with phishing scams? I get several in my inbox every day, and I bet you do too.
Phishing is a one of the fastest-growing cybercrimes, according to the FBI, and one that costs consumers millions of dollars each year. These scams have one purpose: to get as much personal information from a user as possible. This includes login information, Social Security numbers, date of birth, and other identifiable information that can help scammers open up bogus accounts under your name or steal from your existing ones.
You can identify a phishing scam by its urgent tone asking you to immediately update your account. There are many other telltale signs, which I'll cover later, but the smartest thing you can do is to resist the temptation of opening this dangerous email and instead delete the bait immediately.
Our advisors have written about phishing quite extensively, and the results of a recent study may encourage us to revisit these posts. A study conducted by Harvard University and University of California at Berkeley revealed that participants were vulnerable to phishing attacks no matter what their education level or computer savvy. Ninety percent of the users were fooled by good web design despite numerous phishing clues, such as questionable URLs, lack of security indicators, and even pop-up alerts.
Identity theft is big business, and phishing schemes are harder to spot than you think. Email is still the most popular method, but as digital thieves get more sophisticated, so do their tactics. Learn about the latest phishing techniques reported.
Email Phish
Always be suspicious of any email coming from any financial institution or online payment service such as PayPal. As a rule of thumb, never click on emails coming from unknown sources. Instead, learn to recognize spoof emails by checking web addresses, word misspellings, and security indicators, such as a locked padlock on the browser frame. Don't even click on them out of curiosity. Those sites may install keylogger software that records your keystrokes, then sends this information back to the scammers. If you want to know what a phishing email looks like, visit the Anti-Phishing Working Group web site for examples of actual emails sent.
Phone Phishing Is Alive and Kicking
If you think email is the only way scammers can get you to divulge personal information, you're wrong. Last year, the FBI issued a warning to the public regarding a scheme involving jury service. Apparently, a group of individuals has been disguising themselves as U.S. Court employees and contacting citizens to advise them that they have been selected for jury duty. They ask to verify names, Social Security numbers, and ask for credit card information. When their request is refused, they resort to threatening these citizens with fines. If you get one of these calls, report it immediately.
One of the latest phone phishing scams involved the use of VoIP (Voice over Internet Protocol). Voice mails led unsuspecting users to believe their bank accounts had been frozen, and they were asked to call the provided number. A friendly message prompted them to enter their PIN number and bank account information. What they didn't know was that all the information they provided was being collected by phishing criminals. According to TechWeb, these methods use automated scripts to initiate the VoIP calls and a spoof caller ID so they appear legitimate.
Both methods are equally scary and prove that phishing is no longer confined to the web.
Social Networks Get Phished Too
Places like MySpace have also been targeted, and users are receiving bulletins titled, "Check out these old school pictures..." When users click the link, they're directed to a site that looks exactly like a MySpace login screen. Malware is then installed on their computer, capturing login information to test their other accounts. Check out Dory's post for the latest tactics on MySpace phishing.
What to Do if You've Been Phished?
If you think your account has been compromised, the best thing you can do is report it to your bank. Alert bank officials immediately, and close any account you think may have been compromised. You should also contact one of the the three consumer reporting agencies to place a fraud alert on your account. This will raise a red flag if anyone tries to open a credit card account using your name. Don't forget to contact your local police department, and file a complaint with the FTC and FBI's Internet Complaint Center.
Hope this information keeps you on your toes. Also, check out part two of this phishing scam report, where I will show you how to spot a spoof email like a pro.
Top 5 Posts
Comments on The Attack of the Big Phish
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
67 Posted by squg44@sbcglobal.net on Thu Sep 3, 2009 9:37PM EDT Report Abuse
I really appreciate the information. When it happened to me, within the first 3 days of opening my account, I knew to close the window because I had read the warnings. Thanks!
-
68 Posted by steve345@sbcglobal.net on Thu Sep 3, 2009 9:43PM EDT Report Abuse
my account was phished by a overlay on my transunion credit report. When I signed in to check my credit info the account was down and asked me for additional info to verify my account number. The very next day people in Spain had my account info.
-
69 Posted by mealyml@sbcglobal.net on Thu Sep 3, 2009 7:14PM EDT Report Abuse
I wish I had known about phising several months ago. I previously worked for a bank and thought I knew all the scams. I got a e-mail from what looked like pay-pal. They were asking information on my account. I should have gone with my first instinct, that something wasn't right. Well I gave out some personal info and immediately regretted it. I contacted my financial institute and changed all my accounts immediately. You have listed some very important information that everyone should heed.
-
70 Posted by susiegogo on Thu Sep 3, 2009 9:50PM EDT Report Abuse
I am only too aware of cyber fraud, which is why I do not use Internet Explorer unless I absolutely must. Well in my attempt to read your article, the browser I was using (NOT IE) crashed. Thinking it was a glitch, I opened it back up and loaded up the article again. Presto Freezo, again. Why oh why do the web software developers insist on only one reality? No wonder cyber fraud is so pervasive.
-
71 Posted by schnell785@sbcglobal.net on Thu Sep 3, 2009 9:08PM EDT Report Abuse
I am SO glad to read this...it gives me a better understanding of what has been going on lately with Myspace and other things I've been hearing about!
-
72 Posted by fun7pa@sbcglobal.net on Thu Sep 3, 2009 4:04PM EDT Report Abuse
has anyone ever heard of AVG CONTROL CENTER? being comp illiterate I have to worry about everything I don't know or understand
-
73 Posted by mwire2000 on Thu Sep 3, 2009 7:31PM EDT Report Abuse
While this is helpful some steps you suggest don't do any good. The credit reporting services only keep the fraud alert active for 3-6 months. I personally would like to make it a permanent block. And my local police department did not want to fill out a report since the information was used "out of state".
-
74 Posted by wheatiron on Thu Sep 3, 2009 10:44PM EDT Report Abuse
We have to open the email in order to copy and paste the info to report them to anti-phishing sites or to report abuse to the ISP. Can Yahoo put a phish button next to the delete and spam buttons in our email so we don't have to open the email? That way we can send the phish without all the risk to us.
-
75 Posted by jon29@sbcglobal.net on Thu Sep 3, 2009 4:40PM EDT Report Abuse
what a great tool thanks.
-
76 Posted by cancerian73@sbcglobal.net on Thu Sep 3, 2009 3:17PM EDT Report Abuse
I myself have had several phishing emails come to me that were urgent and needed me to update my accounts. Some were Ebay and PayPal-BE CAREFUL and knowledgable and bad things won't happen to you!
-
77 Posted by jan.koehler@sbcglobal.net on Thu Sep 3, 2009 4:28PM EDT Report Abuse
When they catch somebody phishing, what do he (she) gets? Ten dollars fine?
-
78 Posted by hjoseph@prodigy.net on Thu Sep 3, 2009 4:19PM EDT Report Abuse
We were recently contacted through fradulent e-mails that looked like our bank, Chase Manhattan and Paypal asking to confirm confidential information. These e-mails sometimes contained spelling errors or used bad grammar. If you receive any of these, please take the time contact the banks or companies involved as well as the FBI. They will follow-up on them. Thanks, HJoseph
-
79 Posted by cedvs@sbcglobal.net on Thu Sep 3, 2009 3:20PM EDT Report Abuse
Another way of PHISING..is to offer free gifts. Further down in the initial statement, you will find a series of blank entries which asks for everything about you that is very revealing. You might want to read the next page or two before doing anything. Especially filling in the blanks.
-
80 Posted by rdkidsrock@sbcglobal.net on Thu Sep 3, 2009 8:33PM EDT Report Abuse
I would like to know if there is a way to find the addresses of these thieves so as I may do alittle Interrogation of my own.I'm betting their little thieving fingers couldnt press keys very good ! :-)
-
81 Posted by bobd19111 on Thu Sep 3, 2009 3:10PM EDT Report Abuse
I have gotten many of these over the past few months pretending to be from either eBay, or PayPal, seeking account info, and they were all bogus. I forwarded all onto eBay or PayPal and they notified me, usually within minutes, that they are bogus, along with steps in identifying them for the future.
-
82 Posted by alluetta@sbcglobal.net on Thu Sep 3, 2009 2:51PM EDT Report Abuse
I am an honest business woman, as an Asset Tracer I find unclaimed funds for individuals and businesses in the Kern County area. Unfortunately, because of scammers, my business has been hampered. Regardless, I appreciate articles like this that open eyes to the scammers of the world and make people more conscienious to liars and cheaters. Even I have been phished. Sincerely, Janet Needham
-
83 Posted by elmoore3@verizon.net on Tue Oct 24, 2006 12:44PM EDT Report Abuse
If this is how these scam companies thrive, on the information asked by these companies. These retail sites or any other sites requesting soc. sec.#'s, birth dates or any other personal info, have to be held accountable for requesting this info when they are aware of the problems that are caused due to their requesting sensitive personal information. To put it simply, who ever is requesting this type of information needs to find a different way to receive this info. Gee, maybe we may have go back to the archaic postal service. I realize time is of the essence in todays business success. Do these companies really want their customers or clients risking the security of their name being used wrongfully? Or, it just falls back on the consumer to not open themselves up for scam artists to abuse their names and not provide this info over the internet.
-
84 Posted by brrenda859 on Thu Sep 3, 2009 3:14PM EDT Report Abuse
So, when in doubt, delete. You can always go to the actual website and verify info.?
-
85 Posted by ishban on Thu Sep 3, 2009 4:25PM EDT Report Abuse
ITs not only financial institutions. There is a new one that almost got me yesterday. YAhoo Greetings. You receive an email saying you received a greeting card from yahoo american greetings sending you to a login page looking like your yahoo sign on page. The funny url in the address bar gave it away.
Sponsored Links
My Tech
Please enable your browser's cookies to activate the My Tech column.
Also on Yahoo! Tech
| Computers | Home Office | Wi-Fi & Networking | Phones & PDAs | Cameras & Camcorders | TV & Home Theater | Portable Audio |
|---|---|---|---|---|---|---|
66 Posted by twobtrflys@sbcglobal.net on Thu Sep 3, 2009 10:25PM EDT Report Abuse
I won't open anything that pertains to money,credit or information of any kind, to or from anyone. I know my e-buddies @ the bank has my ID. If I make changes, I go to the bank or call.