Computer Crime Research Center


Phishing expedition

Date: July 20, 2004
Source: Computer Crime Research Center
By: Dmitri Kramarenko

Internet fraud demands congressional and user scrutiny

The term "phishing" may not be familiar, but if you've used e-mail lately, chances are good that you've seen one of its hooks dangling in front of you.

"Phishing" is an increasingly prevalent form of Internet fraud. It begins with an e-mail that looks and reads like an authentic message from a bank, store, Internet-service provider or online business -- complete with corporate logos.

Typically, recipients of these e-mails are told there's a problem with their accounts, and they need to visit a special Web page to re-enter their credit-card number, passwords or other personal information.

The Web sites are phony, and the people on the other end of the phishing line are scam artists. Some of them are apparently living quite well. One research firm estimates that phishing victims lost $1.2 billion between April 2003 and April 2004.

A thousand scams

A spokesman for the Anti-Phishing Working Group -- a coalition of banks, Internet-service providers and others -- recently told The Washington Post that a typical phishing scam lands in 50,000 to 1 million e-mail in-boxes. In May, the watchdog group identified more than 1,000 different scams.

Sen. Pat Leahy, D-Vt., recently introduced a bill that would punish phishing scammers with up to five years in jail and $250,000 in fines.

Fraud and identity theft are already illegal, of course, but Leahy says the measure would ease the way for prosecutors to go after phishers for simply attempting a scam.

Current laws typically require proof that the victim has suffered a financial loss. But, as an aide to Leahy told the Post, the scammer is often long gone before the loss has been discovered or the evidence gathered.

The best protection

It's clear that Congress needs to intervene, given the volume of fraudulent e-mail circulating on the Internet and the growing threat to consumers and businesses.

In the meantime, the best protection against these scams is to assume the worst: An e-mail asking for your credit-card number or similar information isn't real.

If you think the message may be authentic, pick up a telephone and call the real phone number for the company that's supposedly seeking information from you.

Additional assistance can be found online at www.antiphishing.org. The site lists recent phishing scams and offers tips on how to avoid being defrauded. It also provides information on how to report messages to federal authorities, who -- with any luck -- will be able to hook the criminals and reel them in.

What to do to feel protected?

- Internet Auction Fraud

Understand as much as possible about how the auction works, what your obligations are as a buyer, and what the seller's obligations are before you bid.
Find out what actions the web site/company takes if a problem occurs and consider insuring the transaction and shipment.
Learn as much as possible about the seller, especially if the only information you have is an e-mail address. If it is a business, check the Better Business Bureau where the seller/business is located.
Examine the feedback on the seller.
Determine what method of payment the seller is asking from the buyer and where he/she is asking to send payment.
If a problem occurs with the auction transaction, it could be much more difficult to resolve if the seller is located outside the US because of the difference in laws.
Ask the seller when delivery can be expected and, if there is a problem with the merchandise, whether it is covered by a warranty or can be exchanged.
Find out if shipping and delivery are included in the auction price or are additional costs so there are no unexpected costs.
There should be no reason to give out your social security number or driver's license number to the seller.

- Non-Delivery of Merchandise

Make sure you are purchasing merchandise from a reputable source.
Do your homework on the individual or company to ensure that they are legitimate.
Try to obtain a physical address, rather than merely a post office box, and a phone number, and call the seller to see if the number is correct and working.
Send them an e-mail to see if they have an active e-mail address, and be wary of sellers who use free e-mail services where a credit card wasn't required to open the account.
Consider not purchasing from sellers who won't provide you with this type of information.
Check with the Better Business Bureau from the seller's area.
Check out other web sites regarding this person/company.
Don't judge a person/company by their web site.
Be cautious when responding to special offers (especially through unsolicited e-mail).
Be cautious when dealing with individuals/companies from outside your own country.
Inquire about returns and warranties.
The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong.
Make sure the transaction is secure when you electronically send your credit card numbers.
Consider utilizing an escrow or alternate payment service.


- Credit Card Fraud

Don't give out your credit card number(s) online unless the site is a secure and reputable site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. This icon is not a guarantee of a secure site, but might provide you some assurance.
Don't trust a site just because it claims to be secure.
Before using the site, check out the security/encryption software it uses.
Make sure you are purchasing merchandise from a reputable source.
Do your homework on the individual or company to ensure that they are legitimate.
Try to obtain a physical address, rather than merely a post office box, and a phone number, and call the seller to see if the number is correct and working.
Send them an e-mail to see if they have an active e-mail address, and be wary of sellers who use free e-mail services where a credit card wasn't required to open the account.
Consider not purchasing from sellers who won't provide you with this type of information.
Check with the Better Business Bureau from the seller's area.
Check out other web sites regarding this person/company.
Don't judge a person/company by their web site.
Be cautious when responding to special offers (especially through unsolicited e-mail).
Be cautious when dealing with individuals/companies from outside your own country.
The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong.
Make sure the transaction is secure when you electronically send your credit card numbers.
You should also keep a list of all your credit cards and account information along with the card issuer's contact information. If anything looks suspicious or you lose your credit card(s) you should contact the card issuer immediately.

- Investment Fraud

Don't invest in anything based on appearances. Just because an individual or company has a flashy web site doesn't mean it is legitimate. Web sites can be created in just a few days. After a short period of taking money, a site can vanish without a trace.
Don't invest in anything you are not absolutely sure about. Do your homework on the investment to ensure that it is legitimate.
Do your homework on the individual or company to ensure that they are legitimate.
Check out other web sites regarding this person/company.
Don't judge a person/company by their web site.
Be cautious when responding to special investment offers (especially through unsolicited e-mail).
Be cautious when dealing with individuals/companies from outside your own country.
Inquire about all the terms and conditions.
If it sounds too good to be true, it probably is.

- Nigerian Letter Scam

Be skeptical of individuals representing themselves as Nigerian or foreign government officials asking for your help in placing large sums of money in overseas bank accounts.
Do not believe the promise of large sums of money for your cooperation.
Guard your account information carefully.

- Business Fraud

Purchase merchandise from reputable dealers or establishments.
Try to obtain a physical address, rather than merely a post office box, and a phone number, and call the seller to see if the number is correct and working.
Send them an e-mail to see if they have an active e-mail address, and be wary of those that utilize free e-mail services where a credit card wasn't required to open the account.
Consider not purchasing from sellers who won't provide you with this type of information.
Purchase merchandise directly from the individual/company that holds the trademark, copyright, or patent.
Beware when responding to e-mail that may not have been sent by a reputable company.

Created using materials from The Internet Fraud Complaint Center (IFCC), Herald Tribune.Com, Anti Phishing Working Group.

Find more:
Phishing Attack Trends Report - May 2004

