Phishing

What is it?

Phishing is an Internet scam that uses spam, web pages, chat rooms, instant messaging or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.


How does it work?

The number and sophistication of phishing scams sent out to consumers are continuing to increase dramatically. While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet.

In collaboration with the Anti-Phishing Working Group, Scamdex presents some recommendations to help you, and those in your care, avoid becoming an Identity Theft/Phishing victim:
  1. Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
    • phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are.
    • Don't EVER use the links in an email to get to any web page. If you suspect the message might not be authentic, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser or using your own bookmarked link.

    • Avoid filling out forms in email messages that ask for personal financial information
      • you should only communicate information such as credit card numbers or account information via a secure website or the telephone.
      • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
      • to make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar - it should be "https://" rather than just "http://". Look for the padlock in the status bar on the bottom right of your browser - it should be locked shut.
    • Install a Web browser tool bar or a new browser to help protect you from known phishing fraud websites:
      1. EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on EarthLink's list of known fraudulent phisher Web sites.
        How ScamBlocker Works
        A green thumbs-up icon indicates that the Web page you're visiting is either on EarthLink's list of sites that have been cleared by our EarthLink-certified staff, or the page has passed all the tests run by ScamBlocker.
        A neutral ScamBlocker image means that while we cannot guarantee that the Web page you are viewing is safe, ScamBlocker has found nothing on the page to indicate a scam.
        A yellow thumbs-down icon is a warning to use extreme caution when accessing this site. ScamBlocker's analysis has identified characteristics that are often present in "phisher" Web sites. Keep in mind, however, that certain Web page elements often used by scammers, such as insecure forms, are also used by legitimate Web sites.
        A red thumbs-down icon indicates that the Web page in question is highly suspicious, and may be a part of a "phisher" scam trying to steal your financial and/or personal information.

      2. The Firefox Web browser has built-in technology to alert you when you surf to a page that is insecure or known to be unsafe. Scamdex tests a lot of the URLs in scam emails on Firefox and it catches about 90% of them. This is a good way to keep seniors and children safe as the messages are front and center and pretty unambiguous.

      3. Cloudmark and Qurb also both have commercial toolbars that perform the same service.

    • Regularly log into your online accounts - don't leave it for as long as a month before you check each account.

    • Register with a Credit Reporting agency to send you warnings when significant events occur with your credit history.
      • LifeLock has a $1 Million guarantee on its LifeLock product which protects you from Identity theft for as little as $10/month.
        (Look out for my forthcoming review of this product).
      • American Express offers a very good credit monitoring product (CreditSure) that Scamdex has used for years.
    • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
      • if anything is suspicious, contact your bank and all card issuers
    • Ensure that your browser is up to date and security patches are applied
      • Microsoft Internet Explorer browser users should keep their computer up to date with Automatic Updates set.

    • Report "phishing" or "spoofed" e-mails and any websites you see to the following groups:
      • Forward the email to reportphishing@antiphishing.com
      • Forward the email to Scamdex
      • Forward the email to the Federal Trade Commission
      • Forward the email to the "abuse" and "spoof" email address at the company that is being spoofed (e.g. "spoof@ebay.com", "abuse@yahoo.com")
      • When forwarding spoofed messages, always choose the option to 'send as an attachment' so that the entire original email with its original header information remains intact
      • Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/
      • Check the Reporting Links page to find a specific agency that will take the information.
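
The link, form and "https://" checks recommended above can be run mechanically over the HTML body of a message. The following is an added example, not code from Scamdex or the Anti-Phishing Working Group; the function names and the sample body are constructed for illustration and all hosts are reserved example domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Collector(HTMLParser):
    """Collect (href, visible text) pairs and count <form> tags."""
    def __init__(self):
        super().__init__()
        self.links, self.forms, self._href, self._text = [], 0, None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
        elif tag == "form":
            self.forms += 1

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Host of a URL, or of bare text such as 'bank.example.com/login'."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def review_email_html(html):
    """Return a list of warnings for one HTML e-mail body."""
    found = _Collector()
    found.feed(html)
    warnings = []
    if found.forms:
        warnings.append("form embedded in e-mail")
    for href, text in found.links:
        if urlsplit(href).scheme != "https":
            warnings.append(f"link is not https: {href}")
        # Only compare when the visible text itself looks like an address.
        shown = _host(text) if "." in text and " " not in text else ""
        if shown and shown != _host(href):
            warnings.append(f"text shows {shown} but link goes to {_host(href)}")
    return warnings

# Constructed sample body (not a real message).
SAMPLE = """<p>Dear Customer, your account will be suspended today!</p>
<a href="http://login.example.net/verify">bank.example.com</a>
<form action="http://login.example.net/post"><input name="card"></form>"""
```

An empty result only means none of these three signs was present; it does not show that a message is genuine.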
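
Why "send as an attachment" matters when reporting: an inline forward is a new message with new headers, while an attachment carries the original as a message/rfc822 part with its Received, Reply-To and Message-ID lines untouched. This is an added example using Python's standard email package, not code from the original page; the sample message and every address in it are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample of a received message; every name and address is a placeholder.
ORIGINAL = (
    b"Received: from mail.example.net by mx.example.org;\r\n"
    b"\tMon, 01 Jan 2024 10:00:00 +0000\r\n"
    b'From: "Example Bank" <security@example.com>\r\n'
    b"Reply-To: collector@example.net\r\n"
    b"Message-ID: <abc123@mail.example.net>\r\n"
    b"Subject: Urgent: verify your account\r\n"
    b"\r\n"
    b"Click the link to confirm your details.\r\n"
)
KEEP = ("Received", "Reply-To", "Message-ID")

def trace_headers(msg):
    """Header values an abuse desk uses to trace where a message came from."""
    return {k: [str(v) for v in msg.get_all(k, [])] for k in KEEP}

def build_report(original_bytes, reporter, report_to):
    """Wrap the untouched original in a new message as a message/rfc822 part."""
    original = message_from_bytes(original_bytes, policy=policy.default)
    report = EmailMessage()
    report["From"], report["To"] = reporter, report_to
    report["Subject"] = "Phishing report: " + str(original["Subject"])
    report.set_content("Suspected phishing message attached with full headers.")
    report.add_attachment(original)  # a Message object becomes message/rfc822
    return report

def attached_original(report_bytes):
    """Parse a serialized report and return the attached original, or None."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None

if __name__ == "__main__":
    report = build_report(ORIGINAL, "user@example.org", "abuse@example.com")
    print(trace_headers(attached_original(report.as_bytes())))
```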