You may have heard of phishing scams by now but if not, here is a quick and simplistic definition. A pervasive phishing scam is a fraudulent message mostly coming to you in the form of e-mail but could also come to you in other forms like a phone call. The message “appears” to you to be coming from a source like a company or a web site you recognize and “trust”. The act of pretending to be someone else in an e-mail or phone call to gain your trust is also known as “pretexting” or “spoofing”. The intent of the message is to get some type of information from you like a credit card number, password, or other personal information. Notice we emphasize the words "appears" and "trust", because once you trust a source, because the sender appears familiar to you, then you might just respond as the message wants you to respond and react. As said, most phishing scams come to us in the form of e-mails but they could also come to us by phone or paper mails.
There are many scenarios you might face in such phishing scams but here’s a typical case. You might open your e-mail account one day and notice a nice looking e-mail that appears to be coming from your bank. Your bank’s logo is there right in the middle of the e-mail embedded within an image copy of your bank’s web site. You immediately recognize the logo because you’ve seen it before during your online banking activities. What gets your attention even more is the subject line of the e-mail that says, “your account has been closed” or “your mortgage account is delinquent”. Now that criminals have your attention, they then ask you to login to your account by clicking on a link in the e-mail. You click the link of course because you “trust” the source; it “appears” to be legitimate. The link takes you to a nice and familiar looking web site. It’s your bank’s web site to your innocent eyes. You are now convinced 100% that your bank account has a problem. You are eager to login to your account and see what happened. As clueless as you might be at this point, the e-mail, which you have just opened and clicked, the link within, just installed a malicious program to monitor your every movement on your computer also called a “keystroke logger”. What this spy software does is it runs hidden in the background of your computer to watch your every move and the strokes on your computer keyboard. You and the spy software are now ready to work together, hand in hand, for a one sided goal; the theft of your personal information and even the available cash balance of your bank accounts. You type in your ID and password to access your account, the system tells you the server is down and asks you to come back later and you listen and obey as instructed because you trust the source.
While you wait impatiently for the server to be up and running, the thieves who just got the hold of your ID and password try to empty your account while you’re waiting for the server to come back. The spy software can now also monitor every thing else you do on your computer like accessing your other accounts, communicating important business information and more. The monitoring will continue until you detect and remove the software.
Just one important note; in this case, the installation of the spy software was not necessary to get your ID and password. By just typing your ID and password in the fake web site and pressing the send button would have given your access information to the thieves. But let’ assume for one minute we are the criminals god forbid, why would we not take complete advantage of an innocent victim and take over their bank account and their computer at once now that we have the victim’s desired response? Don’t they say to kick your opponent even more when he’s down bleeding? It’s sad but it’s a war, and you are an opponent whether you asked for and want it or not. We almost used the word game instead of war but we don’t think this is a game because people die due to health identity theft and families get bankrupt, destroyed and financially ruined with their credit reports and scores gone down the toilettes.
Now, here are a few things to consider in the anti phishing fight:
-Install, use and regularly update anti-virus, anti-spyware and firewall software on all your computers. Anti-virus software will recognize a dangerous file and a firewall will block communication from all unauthorized sources.
-Don’t open and don’t reply to unrecognized or suspicious popups and email scams phishing for personal information. We can usually smell a suspicious and e-mail fraud phishing for our information if we pay close attention. Usually, if the e-mails, logos and web sites are too pretty or too clumsy, that’s a good sign. Plus, why would banks send e-mails for delinquent mortgage accounts, they’ll send the sheriff in that case. If we're still worried about the state of our account or if we're not sure if the e-mail is fraudulent, we just contact the bank directly by calling them, sending them an e-mail, or submitting a contact form straight from their web site.
-Don’t call back the number in the phishing e-mail. If you want to contact your bank, get their number from their web site or your monthly statements.
-Don’t open any attachments in the phishing e-mail either. Some attachments are malicious files and can bring your system down among other problems.
-Don’t click on the links within the phishing e-mails. As we said, the link may contain malicious executable programs that can run on your computer, hidden in the background. And, Don’t copy and paste the links either. Just delete the e-mail or the pop-up message.
-Report all spams, especially the ones that are fishing spams. Report them to your place of work, to your Internet Service Provider (ISP), to the business that’s being forged, to the government at spam@uce.gov and to the Anti-Phishing Working Group at reportphishing@antiphishing.org which produces reports to be used by ISPs, security vendors, banks and others to fight this crime. Learn about spams and how they relate to phishing.
-Most victims of phishing may become victims of identity theft. Consider placing fraud alert or credit freeze on your credit reports. Get a free copy of your credit report if you have not done so yet and review the records therein. Notice any unauthorized accounts, transactions or inquiries.
Consider reading about other phishing scam cases, and jury duty phishing scam.