Don’t Get Hooked
The e-mail message from your bank sure sounds important: your account information must be updated or the account will be closed.
The message looks legitimate. The bank’s logo is embedded in the message, the web address looks genuine, and there’s a link to a web page for you to enter the requested information. When you click the link, there’s a form that may prompt you to enter your Social Security number as well as account numbers and PINs for bank accounts, bank cards, and credit cards.
Don’t fall for it.
Messages such as these—called “phishing” schemes—are cons run by crooks looking to trick you into divulging information that enables them to commit identity theft, use your credit cards, and empty your bank accounts. Sometimes they sell this information to other scammers. These messages are disguised to look like they came from a legitimate financial institution or e-commerce company, but they never are.
Early phishing (pronounced “fishing”) schemes were crude, but in the past two years the crooks’ phishing bait has become more sophisticated, hooking even computer-savvy consumers.
Just how big is the problem? Here are some eye-opening statistics:
• According to the Anti-Phishing Working Group, nearly 5 percent of recipients respond to phishing messages.
• The number of phishing websites generating e-mail messages and other scams has increased 24 percent each month from July to December 2004 for a total of 1,707 such sites, the Anti-Phishing Working Group reports.
• A study by Gartner Group, an information technology research firm, found that phishing scam artists bilked consumers for $1.2 billion in 2003 and $2 billion in 2004. Banks, which often had to cover the fraudulent charges, took the biggest hit.
Even more alarming, some phishing schemes can swipe information even if you don’t respond. Here are some common dirty tricks:
Viruses and spyware.
Many phishing attacks load spyware or viruses onto your hard drive when you click a file attachment or a pop-up window from a website, or when you download software that appears useful. These methods take advantage of web browser security vulnerabilities to gather information about your online activities.
Often delivered in a virus or worm, keystroke loggers (also called keyloggers) are programs that record every keystroke and action taken by a computer user. This is a way for crooks to steal information such as account numbers and PINs.
Website and search engine fraud.
Some fraudulent (or just unethical) websites gain visitors by using domain names similar to those of websites owned by well-known brands. If you make a typo when entering a web address, you may be taken to a website created with bad intentions. Another tactic is to build a website with keywords that will place it near the top of search engine results. Typos and common search phrases are used in meta tags to drive visitors to the website.
Awareness of phishing tactics is the best way to ensure you avoid becoming the latest victim of these thieves. Always be careful with your personal information and web surfing habits to avoid trouble.
Protect Yourself Against Phishing
Take these steps to avoid getting hooked by phishing schemes:
1. No reply. It sounds obvious, but don’t reply to unsolicited messages, especially those asking for personal information. Legitimate companies don’t solicit information this way.
2. Don’t click links. Links in phishing messages appear to go to a legitimate website but actually redirect you elsewhere. Instead of clicking, call the company using a phone number you know is legitimate. Or type the company’s web address directly into the browser to learn how to contact the company.
3. Not by e-mail. Don’t provide personal information by e-mail—it’s not secure. When providing information through a website, make sure it’s secure by checking to see if “https://” is in the web address and a padlock icon appears on the browser’s status bar.
4. Anti-virus, all the time. Make sure anti-virus and firewall software is always running and up-to-date. This keeps viruses, worms, spyware, and keystroke loggers off your computer.
Reporting Phishing Scams
Here are some steps to take if you are a phishing victim:
1. Contact your financial institution. Let bank officials know what happened, and they can block access to your accounts and often reimburse you for fraudulent charges.
2. Contact credit reporting agencies. Protect your credit by letting these organizations know what happened. The three main U.S. credit-reporting agencies are Experian (www.experian.com), TransUnion (www.transunion.com), and Equifax (www.equifax.com).
3. Contact the FTC. The Federal Trade Commission investigates and prosecutes consumer fraud. You can file a complaint at www.ftc.gov. The FTC’s identity theft website (www.consumer.gov/idtheft) provides in-depth information about other actions you can take to prevent identity theft.