Identity Theft Methods – No Fishing Allowed AKA ‘Phishing’
Posted by Wolf on February 7, 2010 under identitiy theft
Rook Davis asked:
Probably one of the most dangerous and effective methods of stealing someone’s personal information, also known as identity theft, is by the use of a method that probably could use a better name, or at least a better spelling.
‘Phishing’ (pronounced ‘fishing’) is called that because it is just that – fishing for information, fishing for unsuspecting people, fishing to get someone on the hook. The basic idea is that a criminal will send out emails to hundreds of people trying to get the recipient to give them personal or financial account information. On the surface, you might wonder why anyone would get an email and immediately hand over their banking information, but the emails are usually crafted in such a manner to trick the recipient into believing the message actually came from someone they trust. I get emails frequently from banks that I don’t have accounts with claiming some ‘problem’ with my account. The concept is that if the crooks send out enough emails, someone who does have an account will open it and believe it. Often the emails even have official bank or credit card logos, and a link for the user to click on.
An example might be an email, supposedly from your bank, which states ‘your account may have been compromised, please click the link and enter your account information to see if you are affected.’ The link will then take the user to a very official looking site, which has nothing to do with the bank. As soon as the user enters their information, the crooks have it. They then take that information to access the person’s real account.
One thing to keep in mind is that you can be a target for phishing even if you don’t do any shopping while you are online. All it takes is an email, carefully worded, to find its way into your inbox and look like it comes from some entity that you have an account with. Your bank, your phone company, your cable provider. Usually crooks go right after financial data but address data is valuable to them as well, so don’t think you are immune just because you don’t shop online.
So how do you protect yourself?
First, understand that banks and credit card companies are aware of the problem and do not send out emails to verify your account. Never. If you get such an email, and you want to check your account, pick up the phone and call your bank directly.
DO NOT CLICK ON ANY LINKS IN THE EMAIL. More importantly, DO NOT enter any information. Banks already have your information, and do not need you to re-enter all of the critical data. Again, if you receive such an email and are concerned, CALL the bank. A good rule of thumb with all email is that if you don’t know who sent it, don’t open it. Period.
Secondly, when you receive such an email, you can usually tell a phishing scam (beyond the obvious tip-off with language such as ‘enter your information’ by placing your cursor over the links in the email and then reading the target url in the status bar of your browser. Usually, the link on the email will say the name of the bank but the url will be pointing somewhere entirely different.
Third, if you really want to take action, you can contact the United States Computer Emergency Readiness Team, located at http://www.us-cert.gov/nav/report_phishing.html. Remember, just because you know about the scams doesn’t mean the crooks won’t nail someone else. If you do report them, you might help prevent someone else from getting defrauded by phishers.
Probably one of the most dangerous and effective methods of stealing someone’s personal information, also known as identity theft, is by the use of a method that probably could use a better name, or at least a better spelling.
‘Phishing’ (pronounced ‘fishing’) is called that because it is just that – fishing for information, fishing for unsuspecting people, fishing to get someone on the hook. The basic idea is that a criminal will send out emails to hundreds of people trying to get the recipient to give them personal or financial account information. On the surface, you might wonder why anyone would get an email and immediately hand over their banking information, but the emails are usually crafted in such a manner to trick the recipient into believing the message actually came from someone they trust. I get emails frequently from banks that I don’t have accounts with claiming some ‘problem’ with my account. The concept is that if the crooks send out enough emails, someone who does have an account will open it and believe it. Often the emails even have official bank or credit card logos, and a link for the user to click on.
An example might be an email, supposedly from your bank, which states ‘your account may have been compromised, please click the link and enter your account information to see if you are affected.’ The link will then take the user to a very official looking site, which has nothing to do with the bank. As soon as the user enters their information, the crooks have it. They then take that information to access the person’s real account.
One thing to keep in mind is that you can be a target for phishing even if you don’t do any shopping while you are online. All it takes is an email, carefully worded, to find its way into your inbox and look like it comes from some entity that you have an account with. Your bank, your phone company, your cable provider. Usually crooks go right after financial data but address data is valuable to them as well, so don’t think you are immune just because you don’t shop online.
So how do you protect yourself?
First, understand that banks and credit card companies are aware of the problem and do not send out emails to verify your account. Never. If you get such an email, and you want to check your account, pick up the phone and call your bank directly.
DO NOT CLICK ON ANY LINKS IN THE EMAIL. More importantly, DO NOT enter any information. Banks already have your information, and do not need you to re-enter all of the critical data. Again, if you receive such an email and are concerned, CALL the bank. A good rule of thumb with all email is that if you don’t know who sent it, don’t open it. Period.
Secondly, when you receive such an email, you can usually tell a phishing scam (beyond the obvious tip-off with language such as ‘enter your information’ by placing your cursor over the links in the email and then reading the target url in the status bar of your browser. Usually, the link on the email will say the name of the bank but the url will be pointing somewhere entirely different.
Third, if you really want to take action, you can contact the United States Computer Emergency Readiness Team, located at http://www.us-cert.gov/nav/report_phishing.html. Remember, just because you know about the scams doesn’t mean the crooks won’t nail someone else. If you do report them, you might help prevent someone else from getting defrauded by phishers.
Leave a Reply