Tuesday, December 18, 2007

Gone Phishing............Scams

The Freedom Clause

Greetings Bloggers

Don’t bite the bait!

Internauts: beware! A new breed of fisher is throwing its lines into the great big sea that is the Internet… And they want you to bite their bait!

With the ever-expanding number of Internet users doing online shopping, banking, and performing more and more online transactions, scammers have developed new schemes to fraudulently obtain personal information from unsuspecting victims.

How to identify online scams and avoid theft

1. What is “Phishing”?

Phishing is a tactic used by Internet scammers to lure you into providing personal and financial information, mainly by sending fraudulent emails that appear to originate from well-known, trustworthy organizations with which you may do business (e.g. major banks or online shops).

The term “phishing” was first used in the mid-90s, when fraudsters used this type of fake email to “fish” for AOL users’ login names and passwords.

2. How to identify phishing scams

Phishing scams usually comprise two components: an email and the website to which the message links.

First contact: phishing emails

These spoofed emails urge you to click on a link provided in the message, which supposedly leads you to the organization’s website, where you can confirm your personal and financial details. In reality, the link takes you to a fraudulent landing page that is operated by the scammer, who receives any information you may supply there.

Phishers usually include real, actual links in their emails, such as links to the company’s main page or privacy statement, to further enhance the appearance of legitimacy of their spoofed messages.

Deceiving components of a phishing email:

* Misleading Subject Lines suggesting urgency: “Account Update Needed!”
* Forged Sending Address: email falsely appears to originate from accounts@mybank.com, for example.
* Genuine-looking content: Email visuals and style copy those of genuine emails from the targeted company (including authentic images and links to consolidate the victim’s trust).
* Disguised Hyperlinks: A link shown as https://www.yourbank.com/login.php can actually take you to http://www.phishingscam!!!.com/
* A form embedded in the email: It is never secure to enter sensitive information into such a form.

Reasons frequently stated to justify the need to re-enter your details:

* “Unusual activity” in your account: you are being notified of a potential fraud with your account (how ironic!), and required to confirm your account number, PIN and other sensitive details to prove your ownership of the account and avoid its suspension.
* Technical failure: some of your account’s details were reset or “lost” following a failure with the organization’s database and you are asked to re-enter them in the system.
* You are declared the winner of a (bogus!) contest or sweepstakes and required to provide personal and financial information to claim your prize.
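The indicators listed above (an urgent subject line, a sending address that does not match where replies actually go, a link whose visible text shows one site while its target is another, and a form embedded in the message) can be checked mechanically. The script below is an added example, not code from the original post: it parses a raw email and reports which of those indicators it finds. The two sample messages and all domains in them are constructed placeholders, the urgency word list is an assumption, and the forged-sender check uses a Reply-To/From domain mismatch as a stand-in for the header forgery the post describes.

```python
"""Flag the phishing indicators described in the post in a raw email.

Added example, not from the original post. Sample messages are constructed;
the URGENCY_WORDS list and the Reply-To heuristic are assumptions.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Typical urgency cues in subject lines (assumed list, not from the post).
URGENCY_WORDS = ("update needed", "suspend", "unusual activity",
                 "verify", "winner", "confirm")


class LinkAndFormScanner(HTMLParser):
    """Collect (href, visible text) pairs and note whether a <form> is present."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.has_form = False
        self._current = None  # [href, accumulated text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.has_form = True
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def host_of(text):
    """Lowercase hostname of a URL-looking string, or '' if it is not one."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def phishing_indicators(raw_email):
    """Return the names of the indicators found, in fixed order (empty = none)."""
    msg = message_from_string(raw_email)
    found = []

    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        found.append("urgent_subject")

    # Forged sender proxy: replies routed to a domain other than the visible From.
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rsplit("@", 1)[-1].lower()
    if reply_domain and reply_domain != from_domain:
        found.append("reply_to_mismatch")

    # Gather the text/html and text/plain parts (walk() handles single-part too).
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            charset = part.get_content_charset() or "utf-8"
            body += part.get_payload(decode=True).decode(charset, "replace")
    scanner = LinkAndFormScanner()
    scanner.feed(body)

    # Disguised hyperlink: visible text names one host, href points at another.
    for href, text in scanner.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            found.append("disguised_link")
            break

    if scanner.has_form:
        found.append("form_in_email")
    return found


# Constructed sample: shows every indicator at once. Domains are placeholders.
SAMPLE_EMAIL = """\
From: "MyBank Accounts" <accounts@mybank.example>
Reply-To: accounts@mybank-verify.invalid
Subject: Account Update Needed!
Content-Type: text/html; charset=utf-8

<html><body>
<p>Unusual activity was detected. Confirm your details within 24 hours.</p>
<a href="http://mybank.example.verify-account.invalid/login">https://www.mybank.example/login.php</a>
<a href="https://www.mybank.example/privacy">Privacy statement</a>
<form action="http://collector.invalid/submit"><input name="pin"></form>
</body></html>
"""

# Constructed sample of an ordinary notification with none of the indicators.
LEGIT_EMAIL = """\
From: "MyBank Newsletter" <news@mybank.example>
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Sign in from our home page as usual to view it.</p>
<a href="https://www.mybank.example/">https://www.mybank.example/</a></body></html>
"""

if __name__ == "__main__":
    print("sample:", phishing_indicators(SAMPLE_EMAIL))
    print("legit: ", phishing_indicators(LEGIT_EMAIL))
```

The link check only compares hostnames when the visible anchor text itself looks like a URL, which is exactly the "shown as one address, goes to another" trick the post describes; a link labelled "Privacy statement" is not judged, since nothing about its text is a claim about its destination.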

Deceptive links: phishing websites

Phishers back up their email scam with a spoofed website that mimics the legitimate one as closely as possible, so that users are deceived into entering their sensitive information.

Spoofed websites are often perfect mirrors of the original site. Only the landing page that the email link points to needs to be spoofed: the links on that spoofed landing page are usually genuine links to the target organization’s true site.

Paypal, eBay and online banking sites are frequently targeted by phishers.

3. Phishing through viruses

Some viruses/trojans contain programs known as “key loggers”, whose effect amounts to a phishing attack. Hidden on your computer, key loggers record and forward everything you type to the phisher: usernames and passwords, bank account and credit card numbers, etc. Key loggers are especially dangerous because they facilitate complete identity theft.

4. What to do if you've been the victim of a phishing attack...

If you believe you may have given out sensitive financial or personal information to an ill-intended third party:

* Report the theft immediately to your credit card issuer, bank, major credit agencies and appropriate government offices (e.g. Social Insurance)
* Cancel your account and open a new one
* Carefully review your billing statements

In the case of a virus or trojan:

* Update your antivirus definitions and run a full system scan
* Update your personal firewall software and confirm all the network connections allowed by your firewall
* Update your anti-spyware software and run a full system scan
* After getting rid of the intruder, change all your passwords for any type of account requiring online authentication: bank and e-commerce accounts, eBay and Paypal accounts, email and Internet connection accounts, etc.

5. Final tips and helpful links

* Since phishers often exploit browser vulnerabilities, make sure to download and install the available security updates (such as patches) for your browser.
o Microsoft Security Home Page
o Mozilla (Firefox) Security Center
o Apple Support
* Download and install NetCraft’s anti-phishing toolbar to help you identify fraudulent sites.
* Useful Links:
o Anti-Phishing Working Group
o Fraud Watch International
o Phonebusters (Anti-fraud Centre)
o FBI

Remember:

* Legitimate companies doing business online are well aware of the many security issues involved in transferring sensitive information by email, and never send such requests to their customers.
* Never click on links provided in emails that allegedly take you directly to your account information. Always use your browser to access the company’s main page, and sign in to your account from there as you normally would.
* Contact the company before taking any action if you have any doubt about the authenticity of an email that seems to originate from a company with which you have an account.

Hope you found this information useful.

Robert Drysdale
business website

3 comments:

Nicole said...

Great Post, very informative.
I hope I never fall for them :S!

Nicole said...

You're welcome :)
I'll be back, I'm just getting ready for NightNightsland here in a minute or two :)
But I added this post to my stumbleupon Favorites, maybe it helps ;)
Are you on Technorati?

ShadowKnight said...

Great post, I am all for promoting this kind of basic security stuff.