I got a note from my bank about phishing scams, but I'm still not sure what it means. Can you explain in simple terms what phishing is all about?
What is Phishing?
In simplest terms, phishing is the act of stealing information using lies as bait. Instead of coming to your home to steal your information, online scammers want to trick you into passing it over voluntarily, by pretending to be someone you trust. The Internet has become a playground for unscrupulous people looking to steal your information. Let's take a look at some examples, and learn how to protect yourself from phishing scams.
Losing It All
Nancy Boyle and her family are victims of phishing, according to the Washington Post. Mrs. Boyle received an email allegedly from Bank One, asking her to please verify critical information. The email warned that they were trying out new anti-fraud procedures. She entered her critical information, and soon after money disappeared from her bank account.
Later, she got another email apparently from eBay, warning of possible fraudulent activity on her account. This time she handed over her Social Security number and other personal information. With this information, scammers easily could steal her identity and perpetrate fraud in HER name. And so they did, opening accounts, racking up bogus charges and leaving the Boyle family with years of financial stress ahead. The Federal Trade Commission estimates that over 1.5 million people fall victim to such scams each year.
We hear a lot about phishing because of the Internet, but this is not a new crime. In years past, men would come to an elderly woman's home, claiming they were from the bank. The woman would then hand over critical information, only to find out later that her money had been stolen. Because many people don't have a clear understanding of how easily emails and websites can be spoofed, the Internet has become one more way for scammers to steal your information. Only now they don't have to leave home or even show their faces.
Methods of Phishing
Phishing can occur in various ways. For example, you may get an email that is supposedly from your bank. The email will ask you for sensitive information. It might also ask you to click a link to visit the website and enter your username, password or account numbers. Scammers have become so clever that they will create websites looking exactly like the original website. Financial institutions, eBay and PayPal have been popular targets of phishing scammers for several years.
How can you tell if you've landed on a phishing website? Try an experiment. Enter a bogus username and password. A phishing website will accept any form of username and password and allow you to 'log in'. Or it may log your info, report a password error, and then redirect you to the correct site, leading you to think you merely entered your password incorrectly.
Don't Fall For Phishing Attacks
There are ways to prevent your information from being stolen. The first step is to always use updated antivirus software to protect your computer from spyware and viruses. Never browse the web without this protection, and be careful to keep your software up to date.
The next step is to never trust any website or email with your personal information, unless you are absolutely sure of where you are. Don't click on a link in an email to go to the website, even if the correct address appears at the bottom of the screen when you place the mouse over the link. The status bar can be easily spoofed, or you might be fooled by the replacement of the letter "O" by a zero. Instead, open up a new browser and type in the website address by hand, or click a link from your bookmarks or favorites list. Check with your bank by phone if you suspect a phishing attack, or if you're not sure of the correct website address.
If your bank asks for personal information to help identify you further, you can always call the number printed on your credit card or bank statement to ask them if it's legit, and if you could give it to them over the phone. Most banks will be happy to handle any security issues via phone, so you can feel safe.
To Better Protect You From Phishing
Banks are doing what they can to protect you from phishing attacks. For example, if large amounts of money are being drawn out, the bank can freeze your account and call you to make sure the withdrawals are from you and not someone else. Banks are also trying to educate customers so they will be aware of phishing scams, and it's common practice for banks and credit card companies to NOT include a clickable link in their mailings. Some banks are even offering to cover some of the money you may have lost due to phishing attacks, but in the long run everyone pays for this kind of protection. If you use the right preventive measures, you'll never have to worry about it.
Current web browsers are becoming better at identifying potentially dangerous websites. They will check the websites you browse against a known list of phishing sites. The list is regularly updated and the feature has been automatically enabled since Firefox version 2. It will flash a warning to you, letting you know that the website you are about to enter may be a phishing website.
With each new advance in technology, both the scammers and the good guys are engaged in an escalating battle. Your job is to be alert, keep your software updated and do your part to verify the identity of anyone receiving your personal information.
This article was posted by Bob Rankin on 26 Feb 2009
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Phishing Scams (Posted: 26 Feb 2009)
Most recent comments on "Phishing Scams"
02 Mar 2007
I was a victim of phishing, and they pretended to be a credit card company. They asked for 300 dollars to start a 2500 dollar credit line. I should have known better. They got my phone # from the internet and then proceeded to call me to finish the phish scam. They took the money from my account and then they even sent me some coupons in the mail. Months went by and the credit card never showed up. Then, after 3 months I called the number and they said it was on the way. 2 more months went by and when I called the number again, it kept repeating the open business hours, but even during those hours, they were never open. I wonder if the bank can tell who accessed my account to withdraw the money and prosecute them to the fullest frickin extent? Please answer back and tell me how to fight back after an attack of phishing.
EDITOR'S NOTE: Contact your local police.
21 Mar 2007
I deal with about 6 different banks, and report all phishing emails (thus I have viewed the security instructions for well over 50 banks). I have yet to see any of them offer this advice....mainly because they are so over-focused on Fake, not Real!
Everyone dealing with computer security should be giving the users advice on what phishing is, and how to avoid it, not how to recognize the fakes. Since customers know the real web site, the first time they use their online account, they should be told to type in the address and make sure it is correct. Then the user needs to be told that once they reach the login page, they must BOOKMARK it.
EDITOR'S NOTE: That's exactly my advice... above I stated: "open up a new browser and type in the website address by hand, or click a link from your bookmarks or favorites list."
04 Apr 2007
Hi Bob. Thanks again for the excellent "Bus"... I have had no problems since I started using "CallingID" http://www.callingid.com/ which is a free download plug-in that checks the ownership of a link or a site and warns you of a potential breach.
EDITOR'S NOTE: Isn't that function built-in to both IE7 and Firefox now?
27 May 2007
IE7 and Firefox provide only basic protection against phishing: when you visit a known phishing site you get an alert. CallingID safe browsing solution provides full protections for users including:
1. Detect the risk of following a link before visiting a site, in email, IM and a web page: In many cases following a link is dangerous. CallingID lets users check if it is safe to follow a link, also telling you where you will go, who owns the visited site and if it is safe.
2. Positive identification of sites and their owners: This solution encourages users to do business with real sites and verifies the site to the user. CallingID provides full owner details and verification that the owner is a real organization conducting business at the address it claims to be in. CallingID’s verification database covers over 6 million websites with information cross referenced with multiple sources including Dun and Bradstreet, BBB and Yellow Pages. New sites are verified in real time and exceptions are handled by CallingID’s risk assessment team which also focuses on keeping the databases current.
3. Data protection: When users try to submit personal or confidential information to a suspected destination they are alerted upfront.
4. Anti-phishing: When the user visits a phishing site he is alerted and can choose to abort.
5. Anti-scam: This is an extension of anti-phishing. Sites that try to steal information or money from the user use many different technologies; phishing is one of them.
6. Detection of sophisticated attacks: Problems like cross-scripting, pharming, popup that masks address bar etc. are automatically detected using 54 verification tests.
08 Feb 2012
I have recently received emails, typically for Google Earth and PDF, from a spammer. The only common denominator was the email address Contact List [email@example.com]. The emails are convincing but don't be fooled.
Hovering the cursor over the hyperlink will usually show your own email address as part of the HTML address.
Head straight for the delete key.