It’s not something you do with a rod and reel or an alternative music group. Phishing is an online scam used to commit identity theft. A fraudulent, but official-looking e-mail is sent to a user in an attempt to con that user into divulging personal and/or private information, which is then used for identity theft. The sender is “fishing” for a bite from a few of the millions of recipients of the fake e-mail.
You receive an e-mail that claims you need to provide personal information to update an account. In some cases, the e-mail claims that you account will be deactivated, or in the more bizarre cases, that bank regulators will suspend the federal deposit insurance on your bank account, unless you verify your key personal and financial data. Fraudulent e-mails from e-bay and PayPal are the most common examples.
Other incidents of phishing include e-mails purporting to come from a government agency, such as the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency or the Securities Investor Protection Corporation.
Users are then asked to click on a link that takes you to a web site that looks nearly identical to official government websites or a bank’s site. There people are asked to update information such as name, account and credit card numbers, mother’s maiden name, etc.
Some phishing scams have taken a new turn by offering cybersafety information to potential victims of the dangers of phishing scams. Common tricks include offering general tips about malware (trojans etc) and providing information to ‘clients’ about their updated security measures with the goal of getting people to enter their account details in a spoofed website. This is classic ‘social engineering’, designed to trick people by playing on the assumption many would make that a phishing scam would never warn potential victims of the dangers of phishing scams.
Colorado ranks third in the Nation for complainants per 100,000 people according to the 2005 IC3 Annual Internet Fraud Report. And Colorado ranks 15th in the Nation for the number of perpetrators per person.
Remember, all phishing emails are frauds – made to look like an email from a company with a large customer base. Thus a random spam email (online junk mail) will hit a percentage of people that are indeed customers of the business named. Frequently, the link actually takes people to a ‘spoofed’ website – one made to look like the legitimate one. Once the details are typed in and the fraud concluded, these schemes can actually then link the scam victim to the real company site.
There are a number of things that people can do, however, to ensure that they too do not become victims of phishing:
• Ignore e-mails that warn about fraudulent charges to your account or claim that your bank account or credit card account will be shut down unless you reconfirm certain information. Most important, do not reply or click on the link in the e-mail.
• If you’re worried the e-mail might be legitimate, call the company using a telephone number listed on your account statement or bill.
• Use anti-virus software and/or firewalls on every computer you own/use. Remember that children are easy prey to the ‘just click here’ tactic.
• Pay attention to the Web address. Most legitimate sites will have a relatively short Internet address that usually ends with .com or .org. Phishing sites are more likely to have an excessively long line of characters in the Web address with the legitimate business name included somewhere in the string, or possibly not at all.
• Forward any suspicious e-mails to the Federal Trade Commission (FTC) at firstname.lastname@example.org. If you believe you’ve been scammed, file your complaint at www.ftc.gov, then visit the FTC’s identity theft Web site (http://www.consumer.gov/idtheft/ for tips on minimizing the damage from identity theft. You should also contact your local police or sheriff’s department and file a complaint with the FBI’s Internet Fraud Complaint Center at www.ic3.gov/.