Wednesday, February 13, 2008

Don't Get Reeled In

If you have been using the internet and email for the past few years, there is a very strong possibility that you have received an email from someone posing as Bank of America or PayPal stating that something is wrong with our account and you need to click on a link and provide some information to the company. This is called Phishing and it is a tactic used by cybercriminals to “Phish” for unsuspecting people who might give up personal information such as passwords and account numbers. According to an article from ComputerWorld Security, Phishers have stolen money from over 3.5 million U.S. adults from August 2006 to August 2007! It’s not just individuals either, phishers also go after businesses and even the city of Knoxville TN! Unfortunately, the methods of phishing have gotten much more diabolical over time. Before, phishers would send out blanket emails looking to dupe people into giving up passwords. Usually, the emails would start with “dear sir” and may contain grammatical and spelling errors. Over time, these bogus traps were easy to spot because it became known that our financial companies would certainly not ask for any of your information over an email without your name in the salutation. Now there is a whole new generation of phishing techniques that require us to be careful of the personal information we give online and who we give it to. Here are some examples:


Phishers Using Fake Social Networking Sites: Phishers setting up fake MySpace or Facebook accounts that lure others into clicking links that cause them to enter a malicious website that will take personal information such as their usernames and passwords. Check out the Wired.com article about this one.


Tax Scams: Now that the tax season is upon us, scam artists are using the opportunity to try and trick people waiting for their refunds into giving up personal information. This article from the BYU website states that callers claim to be representatives from the IRS calling about an uncashed rebate check and asking to verify an individual’s account numbers. The IRS says they never contact taxpayers about uncashed checks.

Pharming – An attack in which a cybercriminal creates a malicious website that impersonates a legitimate website. The user thinks they are entering their password or account number on the legitimate website, but in fact, they are giving all of that information up to a cybercriminal. When giving any personal, financial information such as passwords, account numbers or credit card numbers, make sure it is a secure site. One way is to look at the web address and make sure it starts with an “https” instead of just “http”. Here are some tips from Carnegie Mellon’s internet safety site.

Fraud.org gives some very useful tips on how to avoid phishing and what to do if you have been “hooked”.


No comments: