Friday, May 29, 2009

Phishing: An Online Identity Theft Scam









When I hear the word phishing, I imagine early dawn, a still morning and a smooth lake with not a single ripple. But outside the nature world -- and inside the world of computer security -- phishing is online identity theft. This process was described in 1987 and defined and recorded as 'phishing' in 1996 with one sole purpose: to bait innocent victims and catch their passwords, usernames, credit card information and any other financial details.

Con artists have been around since the beginning of time. We've all heard the stories of strangers stepping into the shoes of long lost relatives and making claim for crowns or large sums of money, but now we're in the internet age and the story -- with a similar theme -- has unsuspecting online consumers as its main characters. One of the more recent phishing scams involves the social networking sites. Facebook users beware because if you're one of those users that re-use passwords, then Facebook may be your downfall. Many of us use the same password for every website, meaning if were lured to phishing sites from our facebook account, hackers can also potentially gain access to our Amazon, PayPal and eBay accounts. Read the full story here: Facebook Attacks Threaten All Web Sites

According to the APWG (Anti-Phishing Working Group), these types of crimes are on the rise with crimeware-spreading sites infecting PC's with password-stealing crimeware increasing 827% from January 2008 to December. Phishing schemes are gaining sophistication and sometimes for the everyday online consumer it can be overwhelming. The Anti-Phishing Working Group web site gives up-to-date reports on the latest phishing schemes authorities have uncovered.

There are some steps we can take to protect ourselves from these types of scams.

  • Never give out personal information, including financial, via an email request. Remember the purpose of this is to gain your name, username, address, phone number, password, bank account number, credit card number, CVC code or social security number. Regular e-mail messages aren't encrypted so it's similar to sending a postcard. Be suspicious of email messages requesting this kind of information or even those messages asking to update or confirm such details. And don't call numbers listed on email messages, but rather get the phone numbers from statements. Never click links on suspicious emails or copy and paste links from messages into your browser, but instead you type the URL into your browser or use your Favorite Links.
  • Use secure websites. Ones that you know and trust to submit personal information -- established companies with good reputations and privacy statements where they state that they won't pass on your personal information to others. And make sure these web sites use encryption.
  • Continually monitor online transactions. Review bank and credit card statements and report anything suspicious by calling the number on your account statements. Use credit cards for online purchases, even those with a small credit limit. Debit cards are connected to your bank account and credit cards with high limits only give the thief more money.
  • Use strong passwords, changing them often. Don't use real words, but rather combinations of numbers, uppercase and lowercase letters, and symbols so it's difficult for hackers to guess.
  • Protect your PC. Make sure all your security patches are installed and your browser is up to date. Use a firewall, antivirus software, anti-spyware, and even anti-phishing software.

So if this information does get into the wrong hands, what will the thieves do with it? Identity theft is common and the hacker can now apply for credit in your name, empty out your accounts, max out cards, transfer money from your investments into your checking account and then use a copy of your debit card to take it all.

These identity theft scams are continually growing in sophistication on the internet, so be aware, protect yourself as best as you can, and be prepared with identity theft services for recovery and even prevention.

No comments: