Phishing-Hook, Line and Sinker

By Patti Wheelock

Tune into just about any news station, or log on to your favorite news Web site, and you’ll likely hear or read about yet another Internet e-mail scam! These scams consist of fraudulent e-mail messages that appear to be from a legitimate Internet address with a justifiable request -- usually directing the user to a Web site for verification or updating of personal information or account details (passwords, credit card, Social Security, and bank account numbers). The messages suggest negative repercussions for not following the embedded link, such as “your account will be deactivated or suspended.”

These types of fraudulent e-mail are commonly referred to as “phishing” because they use bait that lures unsuspecting victims. The goal of the “phisher” (sender) is for users to fall for the bait by providing personal information or account details so that cyber crooks can then withdraw money directly from victims’ bank accounts or go on frantic shopping sprees with the credit card information.

Phishing has become the fastest rising cyber crime for stealing personal finances and perpetrating identity theft. Gartner Research reports that an April 2004 survey shows “57 million (41 percent) of U.S. adults have, or think they have, received a ‘phishing’ attack e-mail.” Despite heightened consumer awareness, The Anti-Phishing Working Group notes in their “Phishing Activity Report - January 2005” that the number of unique phishing Web sites doubled between October 2004 and January 2005.

Internet Options Security Settings

The MSN Safety & Security Web site offers some great information on phishing that will help you spot the bogus e-mail and protect your personal information. Click the “Protect your inbox” tab.

Here are some quick tips to help you avoid getting hooked by a phisher:

  • Use spam filters

  • Be defensive with personal information. Do not reply to an e-mail message that asks for personal or financial information, and be wary of clicking links in such messages. Instead, type the URL into your browser.

  • Make sure a Web site protects your personal information and is legitimate. Give out personal information only on Web sites that encrypt your data:

    Internet Options Security Settings

  • Review credit card and bank account statements regularly.

  • Improve your computer’s security by using a firewall, installing and updating antivirus software, and keeping your Windows and Office software up to date.

  • Don’t download files, and be cautious about opening attachments in e-mail messages from people or companies you don’t know. Even take care when clicking on chain e-mail and other attachments from friends.

If you think you’ve been a victim of phishing:

  • IMMEDIATELY CLOSE any accounts accessed or opened fraudulently.

  • IMMEDIATELY CHANGE passwords and PINs on ALL of your online accounts.

  • IMMEDIATELY file a report with your local police department or wherever any subsequent ID theft may have occurred.

  • IMMEDIATELY place a fraud alert on your credit reports by contacting each of the three major U.S. credit bureaus:

    • Equifax: 1-800-525-6285

    • Experian: 1-800-397-3742

    • TransUnion: 1-800-680-7289

  • File a complaint with the U.S. Federal Trade Commission (FTC). Or call the FTC’s toll-free Identity Theft Hotline at 877-438-4338.

Related Links

The Anti-Phishing Working Group
U.S. Federal Trade Commission (FTC)
Microsoft Security At Home
MSN Safety & Security Web site
Gartner Research, “The Growing Threat of Online Attacks on Consumers”
The Anti-Phishing Working Group, “Phishing Activity Trend Report” (PDF)

See other Security Tip of the Month columns.