Be Aware of Phishing Scams!

By: Nowshade Kabir
Submitted: 2007-01-17 13:46:48
Print this article | Tell a friend | For publisher | Social Bookmarking
Rating:
 

If you use emails actively in your communication, you must have received various messages claiming to be from Ebay, Paypal and a number of banks. A recent email as if from U.S. Bank Corporation that I received contains the subject "U.S. Bank Fraud Verification Process" and in the body of the mail it says "We recently reviewed your account, and suspect that your U.S. Bank Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the U.S. Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised:". It continues with a link to a webpage, which looks very similar to original web page of the bank.

The misleading web site appears authentic with familiar graphics and logos. The wordings are professional right down to the legal disclaimer at the bottom of the page.

If you happened to be holding an account of the claimed bank, followed the instructions of the email and input your account, pin, password, etc. you are doomed. You just have handed over access to your account to a con artist, who, in a matter of days, will drain off all the money available in that account.

This new scam, which is proliferating in a very rapid pace, is called "Phishing". Phishing is a form of identity theft, where a con artist with the help of official looking email containing link to phony web pages capable of harvesting information, tricks an unsuspecting victim into divulging sensitive personal data. Scammers use these data to bilk victims out of their savings.

One of the most common phishing campaigns being waged has targeted users of Web auction giant eBay and its PayPal division with financial services giant Citibank serving as another popular target. However, recently, every major bank has been hit with this scam. Crooks send out huge amounts of emails with an expectation that some of these email address owners may have online access to their accounts at the bank.

The term "Phishing" is a deviation of the word "Fishing". In hackers’ lexicon, in many words, "F" becomes "Ph". The term derives from the fact that scammers use sophisticated bait as they "fish" for users’ personal information.

According to Gartner, a research firm, illegal access to checking accounts gained via phishing has become into the fastest growing type of consumer theft in the United States. Roughly 1.98 million people reported that their checking account was breached in one way or another during the last year and US$ 2.4 billion were defrauded from the victims!

Gartner also estimated that 57 million U.S. Internet users have received phishing emails and 3 percent of them may have fooled into revealing their personal sensitive information.

The Anti-Phishing Working Group has also spotted a dramatic increase in reports of phishing attacks in recent months. Since November, 2003 phishing scams increase by about 110 percent each month. In April alone, the group identified 1125 unique phishing scams, a sharp lift of 178 percent from the previous month.

MessageLabs, a company that watches phishing scams closely, has noted an even more dramatic increase in number of phishing emails. It claims to see phishing messages jump from just 279 in September, 2003 to a staggering 215,643 in March of 2004.

The scammers also started to use more sophisticated technologies in recent months. The latest generation of phishing scammers uses several methods to trick users, including pop-up graphics to mast the true web URL of the phishing site and the installation of Spywares and Trojans on victim’s computer. The perpetrators also take advantage of security bugs in web browsers, in which the URL in the address bar appears to be for one site but is, in fact, a link to a totally different site.

A new Windows worm under the name "Korgo" is able to infiltrate into victim’s system with a key logging Trojan, steal information that the victim input in web forms and secretly transmit to designated server. There are a number of variants of this worm and they are spreading rapidly. However, Microsoft in April came up with a patch to seal this glitch. Many computers without the patch are still vulnerable to this potentially dangerous worm.

A U.S. Treasury report provides consumers with steps to prevent and report phishing scams:

  • Do not respond to or open any e-mail that warns that an account is about to be closed. Contact the company directly by phone and inquire of this e-mail.

  • Do not submit financial information unless there is a symbol for a locked padlock on the browser's status bar. Also look for the https:// at the beginning of the Web address. If both of these signs are absent, the Web site is not secure.

  • Always review your bank statement and credit card statements immediately upon receipt.

  • Verify the domestic telephone number listed on the Web site through directory assistance or other reliable sources and call the number. Many phishing attacks have originated outside the U.S. and don't have a domestic number.

  • Report suspicious activity or if you have been defrauded to the FTC and the FBI.

  • Phishing e-mails can be forwarded to uce@ftc.gov. Complaints can be filed at www.ftc.gov. Phishing attacks can also be reported to the Internet Fraud Complaint Center at www.ifccfbi.gov.

Other cautionary measures you should take in order to protect yourself are:

  • Since most of the phishing emails come through spam, get a spam filter and install on your computer.

  • If you suspect a phishing attempt, report immediately to the bank. Every bank web site has a link or a toll-free number to report scams. Don't be ashamed if you were tricked into divulging account information. If you report it immediately, your account will be protected until you receive a new PIN.

  • Change your password and PINs regularly. Banks advise that you use separate PINs and passwords for different accounts, that way if one gets compromised, your entire financial life won’t be revealed. - If you are a frequent user of EBay, download its Web browser toolbar, a small program that runs with a user's Web browser. It flashes red when the user visits a possible spoof site. The toolbar uses a database of spoof site URLs, submitted by customers and is updated quite often.

  • Check your computer frequently for possible Trojan virus.

About The Author

Nowshade Kabir is the founder, primary developer and present CEO of mailto:nowshade@rusbiz.com, http://ezine.rusbiz.com , http://www.rusbiz.com , http://ezine.rusbiz.com/newsletters/newsletter31.htm

Article source: Expert Articles

Most Recent Articles in Security category

  • Essential Tips For Secure Online Trading - By: Liam Derbyshire
    Conducting business on the internet is fraught with numerous perils. From identity theft to elaborate scamming schemes, criminals are out there in cyberspace trying their best to rob you out of your hard earned cash. A few simple tips give you all the protection you need from the vile schemes of these con artists.
  • Discover the joys of anonymous proxy servers. - By: Kulveer Singh
    As Google Adwords and Google Adsense becomes more mainstream, the rate of fraud from self-clicking (commonly called Google-bation), and click-draining (clicking on competitors ads), will increase exponentially. The problem is that the electronic antichrist has an obvious conflict of interest in eliminating fraud. Like most web site owners running Google Adsense, you probably are tempted to just "test" ads to make sure all the html you have embedded on your site is working. In some markets these little "tests" can reward the web site owner over $20 per click. Drugs, bank loans and obesity cures pay pretty well I'm told.
  • Stepping Up Your Security - By: Scott Jarvis
    Many online businesses have been using this method of security for over ten years and still have not upgraded to a better form of online security. Though many smaller businesses have yet to adopt a more advanced technology, several high profile companies have begun using some form of two factor authentication both on their websites and in their offices.
  • You Can't Do Without Search Engine Optimization - By: Naman Jain
    No websites can ignore the importance of search engine optimization to their website. It is the most essential tool, which will helps them grow their Online business.
  • Identity Theft - Don't blame The Internet - By: Kavita B
    Identity theft - also known as ID theft, identity fraud and ID fraud - describes a type of fraud where a criminal adopts someone else's identity in order to profit illegally. It is one of the fastest growing forms of fraud in many developed countries.
  • AllAnonymity - anonymous browsing solutions - By: Ionel Orza
    In our days identity protection has become increasingly important, because any time someone could be watching what you do on your computer through online spying. Someone like your boss, someone trying to hack your system, or even the government may be on your track while you peacefully surf the web.
  • 8 Simple Ways to Defend Against Evil Doers Both Online and Off - By: Dan Preston
    There once was a time when the only option people had when shopping was to either call in or snail mail in a catalog order form or to jump in the family car, fight through traffic, and wait in long checkout lines to complete the purchase.Well, nowadays there’s still a few major mail order catalogs floating around and we all still visit our local retail outlets, but time has also introduced the internet as one of our options to shop from the comforts of home.The internet has made shopping at home a breeze and along with it has unfortunately brought the so called ”Evil Doers” who I believe have such little happiness in their own lives that they must leech pleasure from the hardworking and innocent individuals of our wonderful and surrounding nations.
  • Dirty Little Computer Viruses and How To Protect Yourself - By: Dan Preston
    Whether you have learned your lesson from a past experience with a nasty computer virus or have been pressing your luck by surfing the web and downloading various files or opening those email messages sent to you by people you don’t know without any real understanding of just how vulnerable you really are each time you log onto your computer you now have the opportunity to discover what steps you can take to avoid such an annoying and many times destructive infestation.Listed below are some of the guidelines you can follow in order to keep those nasty viruses from making a mess out of your computer and your life.•Purchase and install a well respected antivirus software program and be sure to set it up so that it automatically runs when the computer starts up each time.
  • Protect Your Little Black Book - By: Rick Cooper
    The movie Little Black Book features a young woman, Stacy, who is frustrated when her boyfriend refuses to share information about his past relationships. When his PDA, a Palm Tungsten C, falls into her hands, she is faced with a conundrum. Does she give it back, or does she explore it?
  • Can I Guess Your Password? - By: David Congreave
    We all know that it’s dangerous to use the same password for more than one program. If you sign up for a program run by someone of low moral fibre, what is to stop them running through various programs with your username and password to see what they can access? But of course remembering all the different passwords can be a headache.