|
|
|
Phishing
Information from the Office of Information
Technology
|
This important informational update is to forewarn everyone of new computer based identity
theft tactics. The latest, very common and one of the most effective means of stealing
ones identity is through phishing, pronounced "fishing", another form of spam. This
new spam is very serious, so I will lead off with a quote from a recent article:
Phishing is spam that sends thousands of bogus e-mails out to people.
These emails attempt to entice you into visiting a website and providing
personal financial information to people who shouldn't have it. The mail is
professional looking and disguised to look like it's coming from a legitimate
business. These e-mails are carefully crafted with HTML, and utilize graphics from
legitimate companies. There are weblinks in the e-mails that look legitimate,
and they appear to point to a special website run by that business. The mails
even include disclaimers and legal notices at the bottom, often with working
links to the real company's website.
The pitch is usually subtle but appears to be serious. A typical phishing scam
will state that you need to update information about your account. It may state
that your account has been inactive for some time or that your account may have been
compromised. You're then directed to click a legitimate-looking URL in the mail,
which takes you to a professional-looking site with the company's logos and a web form.
You're asked to "update" your account information, including logins and passwords,
account numbers or credit card information. The problem is, none of this information
is going to the company but actually to the bad guys database.
The main clue that these are bogus is that they are addressed anonymously,
usually to "valued customer" or "account holder." Rarely will companies send e-mail
asking you to provide information in this fashion. A quick way to check is to open
a browser and manually type in the URL of the company's site and look for warnings
about such messages. In the US Bank case they clearly announced a warning on their
web-site that their firm was being used in phishing scams.
Don’t Be Duped
Phishing scams are on the rise and have been reported to be nearly 5% effective in
convincing individuals to complete the form along with the private and financial
information they are seeking. Some companies being spoofed in these scams are AOL,
credit card companies, banks, Ebay/Paypal, etc., and the list is rising.
Use Common Sense and Follow These Simple Steps:
- If you receive a message like this never fill out the requested information.
- Call the company if you have ANY questions
- Visit the company's legitimate web-site to see if there are any warnings about their site being used in phishing scams.
- In some instances you can report the scam to the company (some companies provide a web page on their site just for this purpose)
- Delete the email
- Pass this information on to friends and relatives so they are informed.
|
|
