Be Aware of Phishing Scams!
By Nowshade Kabir, Rusbiz.com
If you use email actively in your communication, you must have received
various messages claiming to be from eBay, PayPal and a number of banks.
A recent email that I received, made to look as if it came from U.S. Bank
Corporation, carried the subject "U.S. Bank Fraud Verification Process" and in
the body of the mail it says "We recently reviewed your account,
and suspect that your U.S. Bank Internet Banking account may have been
accessed by an unauthorized third party. Protecting the security of
your account and of the U.S. Bank network is our primary concern. Therefore,
as a preventative measure, we have temporarily limited access to sensitive
account features. To restore your
account access, please take the following steps to ensure that your
account has not been compromised:". It continues with a link to
a webpage that looks very similar to the bank's original web page.
The misleading web site appears authentic, with familiar graphics and
logos. The wording is professional right down to the legal disclaimer
at the bottom of the page.
If you happen to hold an account at the bank named in the email, follow
the instructions in the email and enter your account number, PIN, password,
etc., you are doomed. You have just handed over access to your account
to a con artist, who, in a matter of days, will drain off all the money
available in that account.
This new scam, which is proliferating at a very rapid pace, is called
"Phishing". Phishing is a form of identity theft in which a
con artist uses an official-looking email containing a link to
phony web pages capable of harvesting information to trick an unsuspecting
victim into divulging
sensitive personal data. Scammers use these data to bilk victims out
of their savings.
One of the most common phishing campaigns being waged has targeted
users of Web auction giant eBay and its PayPal division, with financial
services giant Citibank serving as another popular target. However,
recently, every major bank has been hit with this scam. Crooks send
out huge numbers of emails in the expectation that some of the email
address owners may have online access to their accounts at the bank.
The term "Phishing" is a variation of the word "Fishing".
In hackers' lexicon, "F" becomes "Ph" in many words.
The term derives from the fact that scammers use sophisticated bait
as they "fish" for users' personal information.
According to Gartner, a research firm, illegal access to checking accounts
gained via phishing has become the fastest-growing type of consumer
theft in the United States.
Roughly 1.98 million people reported that their checking account was
breached in one way or another during the last year, and US$ 2.4 billion
was defrauded from the victims!
Gartner also estimated that 57 million U.S. Internet users have received
phishing emails and 3 percent of them may have been fooled into revealing
their sensitive personal information.
The Anti-Phishing Working Group has also spotted a dramatic increase
in reports of phishing attacks in recent months. Since November 2003,
phishing scams have increased by about 110 percent each month. In April alone,
the group identified 1125 unique phishing scams, a sharp rise of 178
percent from the previous month.
MessageLabs, a company that watches phishing scams closely, has noted
an even more dramatic increase in the number of phishing emails. It claims
to have seen phishing messages jump
from just 279 in September 2003 to a staggering 215,643 in March of
2004.
The scammers have also started to use more sophisticated technologies in
recent months. The latest generation of phishing scammers uses several
methods to trick users, including pop-up graphics to mask the true web
URL of the phishing site and the installation of spyware and Trojans
on the victim's computer. The perpetrators also take advantage of security
bugs in web browsers, in which the URL in the address bar appears to
be for one site but is, in fact, a link to a totally different site.
A new Windows worm named "Korgo" is able to infiltrate
a victim's system with a key-logging Trojan, steal information that
the victim enters in web forms and secretly transmit it to a designated server.
There are a number of variants of this worm and they are spreading rapidly.
However, Microsoft came up with a patch in April to seal this glitch.
Many computers without the patch are still vulnerable to this potentially
dangerous worm.
A U.S. Treasury report provides consumers with steps to prevent and
report phishing scams:
- Do not respond to or open any e-mail that warns that an account is
about to be closed. Contact the company directly by phone and inquire
about this e-mail.
- Do not submit financial information unless there is a symbol for
a locked padlock on the browser's status bar. Also look for the https://
at the beginning of the Web address. If both of these signs are
absent, the Web site is not secure.
- Always review your bank statement and credit card statements immediately
upon receipt.
- Verify the domestic telephone number listed on the Web site through
directory assistance or other reliable sources and call the number.
Many phishing attacks have
originated outside the U.S. and don't have a domestic number.
- Report suspicious activity, or the fact that you have been defrauded,
to the FTC and the FBI.
- Phishing e-mails can be forwarded to uce@ftc.gov. Complaints can
be filed at www.ftc.gov. Phishing attacks can also be reported to the
Internet Fraud Complaint
Center at www.ifccfbi.gov.
Other cautionary measures you should take in order to protect yourself
are:
- Since most phishing emails arrive as spam, get a spam filter
and install it on your computer.
- If you suspect a phishing attempt, report it immediately to the bank.
Every bank web site has a link or a toll-free number to report scams.
Don't be ashamed if you were tricked into divulging account information.
If you report it immediately, your account will be protected until you
receive a new PIN.
- Change your passwords and PINs regularly. Banks advise that you use
separate PINs and passwords for different accounts; that way, if one
gets compromised, your entire financial life won't be revealed.
- If you are a frequent user of eBay, download its Web browser toolbar,
a small program that runs with a user's Web browser. It flashes red
when the user visits a possible spoof site. The toolbar uses a database
of spoof site URLs, submitted by customers and is updated quite often.
- Check your computer frequently for possible Trojans and viruses.
Nowshade Kabir is the founder, primary
developer and present CEO of Rusbiz.com.
A Ph. D. in Information Technology, he has wide experience in Business
Consulting, International Trade and Web Marketing. Rusbiz is a Global
B2B Emarketplace with solutions to start and run online business.
You can contact him at nowshade <at> rusbiz.com,
http://ezine.rusbiz.com/newsletters/newsletter33.htm