What is a phishing scam?
Just when you thought it was safe to go back into your Inbox, there's a new form of spam e-mail on the horizon. This spam is more than just unwanted and annoying. It could lead to the theft of your credit card numbers, passwords, account information, or other personal data. Read on to find out more about this new identity theft scam and to learn how to help protect your privacy.
How does phishing work?
A phishing scam sent by e-mail may start with con artists who send millions of e-mail messages that appear to come from popular Web sites or sites that you trust, like your bank or credit card company. The e-mail messages, pop-up windows, and the Web sites they link to appear official enough that they deceive many people into believing that they are legitimate. Unsuspecting people too often respond to these requests for their credit card numbers, passwords, account information, or other personal data.
How can I tell if an e-mail message is fraudulent?
Just as in the physical world, con artists will continue to develop new and more sophisticated ways to trick you online.
The following are just a few phrases to watch for if you think an e-mail message is a phishing scam. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means that it is.
"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Be suspicious of a message that asks for personal information even if the request looks legitimate.
If you receive an e-mail from Microsoft asking you to update your credit card information, do not respond to this phishing scam.
"If you don't respond within 48 hours, your account will be closed."
Phishing e-mail may be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail may threaten to close or suspend your account or may even say your response is required because your account may have been compromised.
"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name, although it is possible that con artists have this information. Most legitimate companies (but not all) should address you by first and last name.
"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site. Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.
Another common technique that con artists use is a Uniform Resource Locator (URL) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
Microsoft won several lawsuits against individuals who have used these types of URLs to pose as legitimate Microsoft properties. However, the practice remains pervasive, so be aware of this technique.
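Both link tricks described above, a masked link and a slightly altered URL, can be checked mechanically once the visible text and the real target of each link are known. The following Python code is an added example, not part of the original article; the trusted-domain list, the sample links and every function name are assumptions made for illustration.

```python
from urllib.parse import urlparse

TRUSTED = ["microsoft.com"]  # assumption: domains the reader really deals with

# Constructed sample: (visible link text, actual href) pairs taken from a message.
SAMPLE = [
    ("www.microsoft.com", "http://192.0.2.15/login"),
    ("Update your details", "http://www.mircosoft.com/account"),
    ("Sign in", "https://www.verify-microsoft.com/"),
    ("www.microsoft.com", "https://www.microsoft.com/"),
]

def host_of(text):
    """Host of a URL or bare domain, lower-cased, without a leading 'www.'."""
    url = text.strip()
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def imitates(host):
    """Return the trusted domain that `host` imitates, or None."""
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None  # the genuine domain or one of its subdomains
    for good in TRUSTED:
        if good.split(".")[0] in host or distance(host, good) <= 2:
            return good  # brand name embedded, or a one/two-letter alteration
    return None

def audit(links):
    """Return (href, reason) findings for (visible text, href) pairs."""
    found = []
    for text, href in links:
        real, shown = host_of(href), text.strip()
        if "." in shown and " " not in shown and host_of(shown) != real:
            found.append((href, "masked: text shows %s, link goes to %s" % (shown, real)))
        if imitates(real):
            found.append((href, "lookalike of %s" % imitates(real)))
    return found
```

Calling audit(SAMPLE) flags the first three links and leaves the genuine one alone.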
‘Phishing’ with phones: the latest scam
Help avoid this new form of ID theft
Traditionally, phishing scams have used e-mail to direct potential victims to phony Web pages to steal their identities. Now, there's a new twist on phishing.
Instead of being directed to a Web page, you could be prompted to call a customer support number where a person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data to steal your identity and access your account. Often the person on the other end of the phone line will make claims that your account will be closed or other problems could occur if you don't respond. Read on to learn how to avoid falling prey to this new threat.
Although law enforcement and other security agencies can trace phone numbers, perpetrators often use payphones, stolen cellular phone numbers, or hacked accounts, so it's important to avoid being conned rather than try to minimize damage afterwards.
Note: This scam may also take advantage of fax or VoIP (Voice over Internet Protocol) numbers.
Tips to help avoid being a victim of phone phishing:
- Treat all unsolicited e-mail (and phone) messages with scepticism and avoid clicking on links.
- Before you call, research unfamiliar area codes first using legitimate phone companies to avoid premium rate, international, or other call charges.
- To determine actual customer support and other phone numbers, check the organisation's Web site. And when you do your research, don't follow a link in an e-mail—always type the Web site URL address yourself.
- If available, refer to your hardcopy records of past invoices or statements for legitimate contact phone numbers and other information. Customer support phone numbers are also often listed on the back of credit cards.
- Stay current about the latest identity-theft scams through industry-standard security newsletters, security Web sites, and other reliable sources.
- Scrutinise your e-mail for telltale signs of a phishing attempt, such as poor grammar, typos, strange Web addresses, or anything else that seems suspicious.