Gone Phishing

Phishing Scams

Phishing is an illegal attempt to collect meaningful information, like your online bank account username, password, or credit card number, from an email recipient (the target).  The emails masquerade as coming from an organization you likely already do business with.  Large national banks like Citibank, Chase, Capital One, PayPal, PNC and others are the brands most frequently used by the criminals.  However, banks are not the only organizations used.  Criminals will also use social media sites, like Facebook or LinkedIn, and other high-traffic websites to trick the target into providing their information.

Popular Phishing Scams

  1. Email from your bank saying your account has been compromised.
  2. Email from your bank saying a check has bounced.
  3. Email from your bank saying your online password has expired or will expire.
  4. Email telling you that you need to verify your email address.
  5. Email from your bank telling you about a recent change in your account information.
  6. Email telling you some amount of money (usually a small but tempting amount) is available for you.

Email Spoofing

The method of masquerading a FROM email address is called spoofing. It is a simple way of manipulating how an email appears when it is sent out, to make the recipient believe it comes from a legitimate organization or person.  As an example, the email appears to come from security@somebank.com when in fact it was sent from 123456@freemail.com.
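The mismatch described above can be checked from a message's raw headers. The following is an added example, not part of the original article: it compares the visible From domain with the Return-Path and Reply-To domains and reads the SPF/DKIM/DMARC verdicts. It assumes the receiving mail server recorded Return-Path and Authentication-Results headers; the sample message and the server name mx.example.net are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail). The two sender addresses are the
# ones used in the article; mx.example.net is a made-up receiving server.
SAMPLE = """\
Return-Path: <123456@freemail.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=freemail.com;
 dkim=none; dmarc=fail header.from=somebank.com
From: "SomeBank Security" <security@somebank.com>
Reply-To: 123456@freemail.com
To: customer@example.org
Subject: Your online password has expired

Please log in to verify your account.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """List reasons the visible From address may not be the real sender."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # Envelope sender (Return-Path) and Reply-To are compared with From.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication verdicts recorded by the receiving server.
    results = " ".join(msg.get_all("Authentication-Results") or [])
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()):
        if verdict in ("fail", "softfail", "permerror"):
            findings.append(f"{check} result is {verdict}")
    return findings


if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("WARNING:", finding)
```

A Return-Path mismatch on its own is common in legitimate mail sent through third-party mailing services, so treat it as a reason to look closer; a DMARC fail for the From domain is the stronger signal.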

Why do the scammers do it?

If an email scammer is successful, the target will click the link provided in the email.  This usually takes the target to a website which looks EXACTLY like the organization's legitimate website.  The target attempts to log in to the FAKE website with their username and password, and the scammer's job is nearly complete. The victim has just provided their username (often their email address) and password to the criminal.

Unfortunately, over 80% of computer users use the same password for everything.  So the criminal now has the target's password for everything from their bank to their Facebook and Amazon accounts.  If a common password is compromised, the criminal will attempt to use it to access every possible site or account they can.  The target's compromised information is then used by the criminal or sold to another criminal to create distance between the original offender and the user of the information.

How to Avoid Becoming a Phishing Victim

  • Be aware that many scam artists are making forgeries of company sites that look like the real thing. They may take every precaution to make consumers believe their site is secure and, therefore, legitimate. Following are some tips on avoiding the trap.
  • Don’t trust e-mail headers. They can easily be forged.
  • Avoid filling out forms in e-mail messages. One can’t know with certainty where the data will be sent, and the information can make several stops on the way to the recipient.
  • Verify the legitimacy of a web address with the company directly before submitting any personal information. Don’t click on a link in an e-mail message from a company until you check.
  • Protect yourself through education and thorough evaluation. Don’t trust everything you read.
  • Verify the legitimacy of the company first before acting. What’s the rush? A simple phone call may make all the difference.
  • Be alert to phishing messages. Reputable companies do not contact their customers via e-mail to request that they update their files or to verify an account or security setting.

Source: Center for Information Technology

If you have been a victim and taken the bait.

If you have taken the bait and compromised your information, especially your Social Security Number (SSN), you should place fraud alerts on your credit reports with the three major credit bureaus (Equifax, Experian, and TransUnion).

Even if you haven’t been a victim, you should consider an identity protection and credit monitoring service like LifeLock or Experian.  Some of the services they provide include proactive protection, advanced internet monitoring, credit alerts, non-credit alerts, address monitoring and lost wallet protection.