Internet index

Phishing on the Internet

I have been receiving a number of inquiries about my financial status from banks I do not even have an account at. This is a new, more serious form of Spam, and a deliberate attempt to obtain personal financial information from you for illegitimate ends. (i.e. someone else will rob you of your money from your bank account, pretending to be you). This is called Phishing "(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information."

Phishing attacks use 'spoofed' e-mails and fraudulent web sites designed to fool recipients into divulging personal financial data by hijacking well-known banks, online retailers and credit card companies, such as ebay or paypal.

Web page links within the e-mail messages direct recipients to Web sites disguised as official company Web pages. Present statistics indicate that 5% of the people contacted are fooled and release their financial information to the "Phisher"

  • Be suspicious of any e-mail with urgent requests for personal financial information
    • unless the e-mail is digitally signed, you can't be sure it wasn't forged or 'spoofed'
    • phishers typically include upsetting or exciting (but false) statements in their mails to get people to react immediately
    • they typically ask for information such as user names, passwords, credit card numbers, social security numbers, etc.
    • phisher mails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are
  • When you receive a suspect e-mail call the company on the telephone, or log onto their web site directly by typing in the Web address in your browser
  • Avoid filling out forms in e-mail messages that ask for personal financial information
  • Only communicate information such as credit card numbers or account information via a secure web site (secure web site will have a picture of a closed padlock somewhere on the page) or the telephone
  • Always ensure that you're using a secure web site when submitting credit card or other sensitive information via your Web browser. The beginning of the Web address in your browsers address bar should be "https://" rather than just "http://"
  • Regularly log into your online accounts, check your bank, credit and debit card statements to ensure that all transactions are legitimate
  • If anything is suspicious, contact your bank and all card issuers
  • Don't use the links in an e-mail to get to any web page, if you suspect the message might not be authentic

Other Preventive Measures 1) Microsoft Internet users go to http://www.microsoft.com/security/ to download a special patch relating to certain phishing schemes
2) EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on Earthlink's list of known fraudulent phisher Web sites.
download the tool bar at http://www.earthlink.net/earthlinktoolbar

Copyright 2005 Sharpwit Web Consultants