Phishing... don't get hooked

Today's scammers don't have to go dumpster-diving to get your personal information, as they have found a more sophisticated way to lure unsuspecting victims -- they go 'phishing'.  Phishing is a high-tech scam that uses spam or pop-up messages to deceive unsuspecting consumers into disclosing their credit card numbers, bank account information, Social Security number, passwords, and other sensitive information.  According to the FederalTrade Commission (FTC), phishers send an email or pop-up message that claims to be from a legitimate business or organization, and the message usually asks that the recipient "update" or "validate" his or her account information.
 

What is Phishing?
Phishing (pronounced “Fishing”) is an online fraud technique used by criminals to entice you to disclose your personal information.  Phishers use many different tactics to lure you, including e-mail and Web sites that mimic well-known, trusted brands.   The purpose of these fake messages are to trick consumers into providing the following:

  • Name and username.

  • Address and phone number.

  • Password or PIN.

  • Bank account number.

  • ATM/debit or credit card number.

  • Credit card validation code (CVC)

Examples of Phishing Schemes.

  • Fake e-mail messages that appear to be from a company you do business with warning you that they need to verify your account information or your account will be suspended.

  • A combination of auction fraud and fake escrow sites.  This occurs when items are put up for sale at a legitimate online auction to lure you into making payments to a fake escrow site.

  • Fake online sales transactions, whereby a criminal offers to buy something from you and requests that they pay you an amount well over the price of the item they are buying.  In return, they ask you to send them a check for the difference.  The payment to you is not sent, but your check is cashed, and the criminal pockets the difference. Additionally, the check that you send has your bank account number, bank routing code, address, and phone number.

  • Fake charities asking you for money. Unfortunately, many criminals take advantage of your goodwill.

How can you tell if an e-mail message is a fraud?

  • Requests for personal information in an e-mail message.
    Most legitimate businesses have a policy that they do not ask you for your personal information through e-mail. Be very suspicious of a message that asks for personal information even if it might look legitimate.

  • Urgent wording
    Phishing emails almost always try to get you to respond to the message or to click the link that is included.  To increase the number of responses, criminals attempt to create a sense of urgency so that people immediately respond without thinking. 

  • Lack of personalization
    Usually, fake e-mail messages are NOT personalized.  For example:  Dear valued member, it has come to our attention that your account information needs to be updated due to inactive member, frauds, and spoof reports.  Failure to update your records will result in account deletion.  Please follow the link below to confirm you data.

  • Fake links
    Phishers are getting very sophisticated in their ability to create misleading links to the point where it is impossible for the average person to tell if the link is legitimate or not. It's always best to type in the Web address of the company that you trust, instead of using the link in the email.  The link you are urged to click might contain all or part of a real company's name and can be "masked," meaning that the link you see does not take you to that address but somewhere different, usually a faked Web site.

  • Links using an @ sign
    Be aware of URLs that include the @ sign.  The URL would take you to the location that comes after the @ sign, not to your trusted site. This is because browers ignore anything in the URL that comes before the @ sign. 

  • The message body is an image
    To avoid detection by spam filters, fake e-mail messages used in phishing schemes often use an image instead of text in the message body.  The message body image is usually a link to a Web page. 

  • Attachments
    Many phishing schemes ask you to open attachments, which can then infect your computer with a virus or spyware.  If spyware is downloaded to your computer, it can then record the keystrokes you use to log into your personal online accounts and then sends that information back to the criminal.  So be sure not to open attachments in suspicious e-mail messages.  Any attachment that you want to view should be saved first, and then scanned with an up-to-date antivirus program before you open it.

  • Promises that seem too good to be true
    Use common sense and be suspicious when you are offered money or discounts that seem too good to be true.

  • Type-o's and poor grammar
    Since many fraudulent emails are mass produced, there is a good chance you will find misspellings and poor grammar.  A legitimate business will usually check these items before sending an email to their customers.