What can you tell me about the 'phishing' internet scam?



In the past, consumers could count on built-in security indicators while browsing the Internet. If “https” appeared in the address window, they knew the “s” meant secure. If there was a yellow lock icon, they felt safe. Internet scammers have become more sophisticated, however, and consumers can’t count on these security measures as they once did.

Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims. They go “phishing.”

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing credit card numbers, bank account information, Social Security numbers, passwords or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization you work with — your Internet service provider (ISP), bank, online payment service or even a government agency. The message usually says you need to update or validate your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks like a legitimate organization’s site, but it isn’t. The purpose of the bogus site is to trick you into divulging personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The following is an example of an actual phishing message:

In order to maintain the safety and integrity of our [banking institution name] community, we have issued the following warning. It came to our attention that your account may be suspected of fraud. We ask our users with exposed accounts to confirm their identity with [banking institution] every once in a while, in order to upkeep the safety of our environment. If the submitted information will fail to match our records for three times, your account will be suspended until further notice. If you will fail to confirm your identity within the next 48 hours, you account will be suspended until further notice.

The lures in the above example are the words “fraud” and “your account will be suspended until further notice.” First, consumers today are concerned about fraud, so this statement quickly catches their attention. Second, the threat of having an account closed is another hook used to get the reader to reply.

Consider these tips to avoid getting hooked by a phishing scam:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization using a telephone number you know is legitimate, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.
  • Be aware of phishing scams related to free consumer credit reports. Scammers email and phone consumers and tell them they can receive a free credit report that will be sent upon disclosure of personal information. This is not the way to obtain a free credit report. The consumer must contact the agency responsible for delivering the credit reports — the agency will not contact the consumer.
  • If you have not made the initial contact, be suspicious whenever you are asked for personal identifying information. Even when charitable organizations contact you for a donation, get their number and call them back.
  • Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure. Unfortunately, as mentioned, no indicator is foolproof since some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to determine if there are unauthorized charges. If your statement is late by more than a few days, call your credit card company or bank to confirm your billing address and account balances.
  • Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones. Also look for software that can effectively reverse the damage and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It is especially important to run a firewall if you have a broadband connection. Your operating system (e.g., Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
  • Be cautious when opening attachments or downloading files from emails you receive, regardless of who sent them.
  • Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s Identity Theft Web site at www.consumer.gov/idtheft to learn how to minimize your risk of ID theft. Visit www.ftc.gov/spam to learn other ways to avoid email scams and handle deceptive spam.

Posted on 28 Feb 2005

Ann House
Bankruptcy Prevention
