Phishing Scams – How to Avoid Being a Victim of Internet Identity Theft

Phishing scams are a form of Internet identify theft. It is used by a cyber-thief to steal your good name and credit rating. The term phishing is a clever variation on the word “fishing.” The idea of the scam is that bait is thrown out with the hopes that someone will be tempted into biting.

Phishing Scams: Definition

Phishing (fish’ing) (n.) according to Webopedia: is the act of sending an e-mail to a user falsely claiming to be a legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Website where they are asked to update personal information, such as passwords, credit card, social security, and bank account numbers, that the legitimate organization already has. The Website, however, is bogus and set up only to steal the user’s information.

Phishing Scams: A Growth Industry

Identity theft is the fastest growing crime in the world. According to the National Cyber Security Alliance, one in four Internet users have received phishing scams and 70% were fooled by them. In 2003 we saw a proliferation of the phishing scams where users received e-mails supposedly from eBay or another major company claiming that the user’s account was about to be suspended unless they clicked on the provided link and updated their financial information. It is relatively simple to make a bogus Website look like a legitimate company site by mimicking the HTML code. The phishing scam is counting on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

The number and sophistication of phishing scams sent out to consumers are continuing to increase dramatically. Direct economic losses in the United States alone totaled over $574 million in 2004, according to the Federal Trade Commission. If not curbed, these crimes have the potential to make the Internet so untrustworthy that electronic commerce might slow considerably. While online banking and e-commerce are very safe, as a general rule, you need be careful about giving out your personal financial information over the Internet. Be suspicious of any e-mail with urgent requests for personal financial information because it’s probably a scam.

Phishing Scams: How to Avoid Being a Victim

• Phishers typically include upsetting or exciting (but false) statements in their e-mails to get people to respond immediately
• Phishers typically ask for personal information such as usernames, passwords, credit card numbers, social security numbers, etc.
• Phisher emails are typically NOT personalized. Valid messages from your bank or e-commerce company generally have your correct name
• Be wary of e-mail! Never click on any link to a bank, eBay, or other merchants. Instead, open a browser (not just a new window) and type in the URL yourself. When in doubt, call the institution using the number listed in the phone book, not one provided in the e-mail or link
• Avoid filling out forms in e-mail messages that ask for personal financial information
• Practice good computer hygiene. Don’t click on attachments. Run both anti-virus and anti-spyware applications. Firewall and privacy protection software are also a good idea. Update this software, as well as your operating system, on a regular basis.
• Encrypt it or shred it. Use a cross-cut shredder (makes confetti, not long strips which are too easily reassembled) or burn documents containing personal information. Do not store PINs on your computer; lock them up or encrypt them.
• Ensure that you’re using a secure Website when submitting credit card or other sensitive information via your Web browser. Check the beginning of the Web address in your browsers address bar – it should be “HTTPS://” rather than just “HTTP://”
• Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
• Order credit reports on yourself yearly and reviews them carefully. (These are often available for free. Visit www.privacy.ca.gov for information.)

Report “phishing scams” or “spoofed” e-mails to the following groups:

• Forward the phishing email to reportphishing@antiphishing.com
• Forward the phishing email to the Federal Trade Commission at spam@uce.gov
• Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov

• Listen to the Crime School Podcast