Metropolis Reality Forums - Don't be hooked by the Internet's biggest fraud

Sponsored by: The Fans!

Welcome, Guest. Please Login or Register.
Nov 25^th, 2024, 11:54pm

Upcoming Premiere Dates:
Survivor 23, Season premiere
Thursday, September 14 (8:00-9:30 PM, ET/PT) on CBS

Metropolis Reality Forums Ť Don't be hooked by the Internet's biggest fraud ť

   Metropolis Reality Forums
   Off-Topic Forums
   In the News (Moderators: lakelady, yesteach, MediaScribe, Bumper, Isle_be_back)
   Don't be hooked by the Internet's biggest fraud

Previous topic | New Topic | Next topic »

Pages: 1

Add Poll

Notify of replies

Send Topic

Author

Topic: Don't be hooked by the Internet's biggest fraud (Read 191 times)

Rhune
ForumsNet Administrator

Gender:

Posts: 292

Don't be hooked by the Internet's biggest fraud
« on: Sep 14^th, 2004, 6:50pm »

Quote

Modify

Don't be hooked by the Internet's biggest fraud

They call it 'phishing:' Crooks use official-looking e-mails and fake Web sites to get your personal data, then steal from you. Here's how to protect yourself.

By Jennifer Mulrean

If youve been swatting away warnings of phishing scams for the last couple years, it may be time to finally stop and pay attention.

Why? It's running rampant, and nearly all of us are targets. In this scam, crooks use official-looking but fake e-mails and Web sites to lure you into revealing personal financial information. Then they can drain your bank accounts, charge up your credit cards or steal your identity. And according to some industry experts, its the biggest fraud on the Internet.

The Anti-Phishing Working Group (APWG) says the number of reported incidents of the scam climbed 800% in the first six months of 2004, and a staggering 4000% in the six months between November 2003 and May 2004. By June, the latest month for which data is available, the APWG reports an average of almost 50 unique attacks (attacks from different sources) per day. With mass e-mailings, each of those unique attacks can potentially hit thousands, if not millions, of people.

Who's taking the bait? As many as 3% to 5% of people who get the e-mails, the experts say. And the sheer numbers of people being targeted mean big payoffs for swindlers.

Watch for the telltale signs
The big problem is that the fake "phishing" e-mails look so official, so real:

They appear to be from trusted banks, retailers or other companies. Citibank is targeted more than any other business; its name was used in almost 500 of the 1,422 unique attacks reported to APWG in June. PayPal, US Bank and eBay names are also used as fronts.

The e-mail often says the company needs to verify your information, such as account numbers or passwords, for supposed security purposes.

They're slick and well-designed, using official-sounding language and real company logos to make them look and feel authentic.

They try to fool you with an address "spoof." In more than 90% of cases, the e-mail address looks like one from a real company. Although the address in the From line of the e-mail may contain a legitimate address, it conceals a scammer's address. (Your e-mail program can be set to display "headers" so you can see a false address. Read more in this Slate article on how to detect spoofed e-mails.)

While working on this story, I received a phishing e-mail that used the SunTrust bank brand. It said my SunTrust account (something Ive never had) had possibly been compromised by outside parties. It instructed me to verify my identity by clicking on a link and then said not to access my account online for the next 48-72 hours. Now the e-mail sticks out as an obvious ploy, but if Id really had a SunTrust account and had been less aware of phishing, I might have clicked the link -- if only to try to get a better idea of what the fuss was all about.

Here are some other giveaways:
Scare tactics. Like the SunTrust phish above, it may play on security fears.

No name. The mail doesn't address you by name but with a generic greeting, such as Dear Suntrust.com Customer.

It offers forms to fill out with your personal financial information.

It points to links in the e-mail, urging you to click to "validate" or "confirm" your account.

Once you're on the hook . . .
What happens after you inadvertently click on one of these links in a phishing lure? Here are some ways the crooks try to trick you:

You may be directed to a legitimate company's Web site. But a crook's pop-up window -- not part of the real site -- will open and ask for your account information.

The site itself may be fake, but it will have a similar URL to the real site, fooling you into using it.

The site may be fake, but the address window showing its URL will be hidden by a floating window displaying the legitimate company's URL to fool you. (Most of these are static images, so if you cant click on the window or type anything in it, its a good tip-off that the address displayed is a decoy.)

The link may trigger the download of a "key logger" to your computer. It's a program that records what you type into legitimate sites, including your passwords and account numbers, then passes them on to the swindlers.

How to avoid the hook, line and sinker
The Federal Trade Commissions No. 1 tip for avoiding this ripoff: DON'T provide any personal financial information via e-mail. (Banks and other companies frequently remind customers that they don't ever ask for sensitive financial data via e-mail.) Other tips from the FTC and the APWG:
Be extremely suspicious of any e-mail with urgent requests for personal financial information.

Don't fill out forms in e-mail messages that ask for personal financial information.

Don't use the links in an e-mail to get to any Web page if you suspect the message might not be authentic. Instead, telephone the company or log onto the Web site directly by typing its Web address in your browser.

Don't give your credit card numbers or account information unless you're using a secure Web site or the telephone. Check the beginning of the Web address in your browser's address bar. A secure site should show as "https://" rather than just "http://" (You may also want to click on the window containing the secure address, to make sure youre not dealing with a floating window.)

Beware of e-mail attachments. Don't open them or download any files, regardless of who sent them.

Check your bank and credit card statements online on a regular basis. Make sure the transactions are legitimate. Don't wait for a mailed paper statement, which can take up to a month. If you see something suspicious, contact your bank and all card issuers using a phone number you know to be legitimate or by typing in a secure Web site URL into the Internet browser address bar.

Use anti-virus software and keep it up to date. Anti-virus software and a firewall can protect you from inadvertently accepting unwanted key-logger files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

Keep your computer's operating system up to date and download security patches. These free software patches for your operating system close holes that hackers or phishers could exploit. (You can check for Microsoft patches here: http://www.microsoft.com/security/.)

Consider installing a Web browser tool bar to help protect you from known phishing fraud Web sites. EarthLink ScamBlocker alerts you before you visit a page that's on Earthlink's list of known phisher Web sites. Ebay offers a free toolbar that warns you when you might be on a spoofed eBay site.

Report the attacks by forwarding the phishing e-mail to the following addresses: [email protected], [email protected] and to the "abuse" e-mail address at the company that is being spoofed (e.g. "[email protected]").

What to do if youve divulged sensitive info
If you think youve been scammed, you can file a complaint with the FTC and the Internet Fraud Complaint Center. But the most important thing is to notify the bank or credit card issuer of the account that has been compromised. Youll probably want to close the account and open a new one.

If youve given away your Social Security number, you should also notify the big three credit reporting agencies -- Experian, Equifax and TransUnion -- so that a fraud alert can be placed on your file. That way, if anyone applies for new accounts with your Social Security number, you should be notified at home. You should also start regularly monitoring your credit reports, if you dont already.

For more tips, go to the FTCs Identity Theft site and MSN Moneys Decision Center on Guarding Your Financial Privacy.

IP Logged

luci
ForumsNet Member

Gender:

Posts: 12045

Re: Don't be hooked by the Internet's biggest frau
« Reply #1 on: Sep 15^th, 2004, 9:11am »

Quote

Modify

I get this kind of email, but I sure don't fall for it!

IP Logged

"A friend is someone who knows the song in your heart and
can sing it back to you when you have forgotten the words."

david
Guest

Re: Don't be hooked by the Internet's biggest frau
« Reply #2 on: Sep 15^th, 2004, 9:13am »

Quote

Modify

Remove

We too get these but delete them soon as we do

IP Logged

sweetmisery
ForumsNet Member

I am The Game!

Gender:

Posts: 1105

Re: Don't be hooked by the Internet's biggest frau
« Reply #3 on: Sep 15^th, 2004, 10:36am »

Quote

Modify

Yeah same here... Luckily, most e-mail services got spam blocking, though some still get through!

IP Logged

"When it comes to compliments, women are ravenous blood-sucking monsters always want'n more... more... MORE! And if you give it to them, you'll get plenty back in return."
--- Homer Simpson

Pages: 1

Add Poll

Notify of replies

Send Topic


Previous topic \| New Topic \| Next topic »