Phishing-Hook, Line, and Sinker - 01 Apr 2005

Tune into just about any news station, or log on to your favorite news Web site, and you'll likely hear or read about yet another Internet email scam! These scams consist of fraudulent email messages that appear to be from a legitimate Internet address with a justifiable request - usually directing the user to a Web site for verification or updating of personal information or account details (passwords, credit card, Social Security, and bank account numbers). The messages suggest negative repercussions for not following the embedded link, such as "your account will be deactivated or suspended."

These types of fraudulent email are commonly referred to as "phishing" because they use bait that lures unsuspecting victims. The goal of the "phisher" (sender) is for users to fall for the bait by providing personal information or account details so that cyber crooks can then withdraw money directly from victims' bank accounts or go on frantic shopping sprees with the credit card information.

Phishing has become the fastest rising cyber crime for stealing personal finances and perpetrating identity theft. Gartner Research reports that an April 2004 survey shows "57 million (41 percent) U.S. adults have, or think they have, received a 'phishing' attack email." Despite heightened consumer awareness, The Anti-Phishing Working Group notes in their "Phishing Activity Report - January 2005" that the number of unique phishing Web sites doubled between October 2004 and January 2005.

The MSN Safety & Security Web site offers some great information on phishing that will help you spot the bogus email and protect your personal information. Click the "Protect your inbox" tab.

Here are some quick tips to help you avoid getting hooked by a phisher:

Use spam filters

Be defensive with personal information. Do not reply to an email message that asks for personal or financial information, and be wary of clicking links in such messages. Instead, type the URL into your browser.

Make sure a Web site protects your personal information and is legitimate. Give out personal information only on Web sites that encrypt your data.

Review credit card and bank account statements regularly.

Improve your computer's security by using a firewall, installing and updating antivirus software, and keeping your Windows and Office software up to date.

Don't download files, and be cautious about opening attachments in email messages from people or companies you don't know. Even take care when clicking on chain email and other attachments from friends.

If you think that you've been a victim of phishing:

Immediately close any accounts accessed or opened fraudulently.

Immediately change passwords and PINs on ALL of your online accounts.

Immediately file a report with your local police department or wherever any subsequent ID theft may have occurred.

Immediately place a fraud alert on your credit reports by contacting each of the three major U.S. credit bureaus:
Equifax: 1-800-525-6285
Experian: 1-800-397-3742
TransUnion: 1-800-680-7289

File a complaint with the U.S. Federal Trade Commission (FTC). Or call the FTC's toll-free Identity Theft Hotline at 877-438-4338.