The endless barrage of spam
assaulting your mail account is bad enough. But most spam is
quite obviously spam. We've all learned to almost instantly
recognize a spam message when we see it. However, an
increasingly frequent and dangerous trick is known as
"phishing," and it's a bit worse than your average
get-rich-quick spam message. The result is over 1.2 billion
dollars in fraud in less than one year.

Phishing is a
form of fraud that involves tricking you into thinking a
message is from a legitimate sender and then leading you to a
bogus (but very convincing) site where you are prompted to
enter sensitive personal data such as credit card or account
numbers, social security numbers, or passwords. The purpose of
such scams is not hard to imagine. The perpetrators wish to
steal money from your accounts, commit crimes in your name, or
even steal your identity. According to antiphishing.org, up to
5% of recipients have fallen for the trick. It's easy to see
why: at first glance, the messages can appear to be real, even
to a seasoned internet user.

A phishing message will
most likely have the logo of a legitimate company, and the
"From" address may also appear to be from the real company. In
some rare cases, the URL shown in the browser's address field
may even display the domain of the legitimate
company.

Two infamous phishing scams that have
circulated a lot during the past couple of years involve eBay
and PayPal, and it is now increasingly
common to see similar scams relating to online banking. The
gist of the message is usually something along the lines of
"there is a problem with your account and we need to validate
your information" or "your account information needs to be
updated." Those phrases should trigger suspicion just as
readily as "1.ast CHan.ce 2 SAV Now!!"
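
An added example, not part of the original article: a Python sketch of the checks described above, flagging the lure phrases the article quotes and any link whose host lies outside the domain claimed in the "From" header. The sample message, the bank.example and login.invalid names, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Lure phrases quoted in the article above.
LURES = ["there is a problem with your account",
         "validate your information",
         "account information needs to be updated"]

# Constructed sample message; bank.example and login.invalid are placeholders.
SAMPLE = """\
From: "Example Bank" <service@bank.example>
Subject: Account notice
Content-Type: text/html

<p>There is a problem with your account and we need to
validate your information.</p>
<a href="http://bank.example.login.invalid/update">https://www.bank.example/</a>
<a href="http://www.bank.example/help">Help</a>
"""

class LinkCollector(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def same_site(host, domain):
    """True if host is the domain or a subdomain of it (naive suffix check)."""
    return host == domain or host.endswith("." + domain)

def phishing_signals(raw):
    msg = message_from_string(raw)
    # The From header can be forged; it only tells us which company is claimed.
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    links = LinkCollector()
    links.feed(body)
    hosts = [urlsplit(h).hostname for h in links.hrefs]
    return {
        "claimed_domain": claimed,
        "lures": [p for p in LURES if re.search(r"\s+".join(p.split()), body, re.I)],
        "offsite_links": [h for h in hosts if h and not same_site(h, claimed)],
    }
```

The suffix check is deliberately simple and will also flag legitimate third-party hosts, so treat its output as a reason to look closer rather than a verdict.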

Phishing is a
growing risk, and lawmakers and companies have started to
fight back. Microsoft recently donated both money and a paid
analyst to the National Cyber-Forensics and Training Alliance
(NCFTA). In July, the Identity Theft Penalty Enhancement Act
was signed into law. The act imposes prison sentences for
individuals using someone else's identification data for
criminal purposes. An additional bill proposed July 9 by
Senator Patrick Leahy of Vermont would also provide prison
terms and stiff fines for those convicted of
phishing.

To protect yourself, do not open links in
email or instant messages that ask for personal or financial
information. It is unlikely that legitimate companies will ask
for such information via email (and if they do, you should
complain). If you are in doubt as to the authenticity of a
message, you should call the company in question to clarify.
You can also type the company's URL directly into the web
browser instead of clicking a link from a message to ensure
that you are going to the company's real website.

If
you suspect that you have been the victim of a phishing
attack, you should immediately contact the actual bank or
store by telephone and explain the situation. You can also
report possible scams to the Better Business Bureau at
http://www.bbbonline.org/idtheft/ or the Federal Trade
Commission at http://www.ftc.gov/.

Finally, you can
help make the internet safer for us all by educating your
colleagues, family and friends about the dangers of phishing
scams.

Author Name: Rebecca Wyatt
Author Email: chris@pixicom.com
Author Website: http://www.pixicom.com