Gone Phishing

It’s amazing how creative and advanced computer hackers are. They have been able to attack some of the biggest companies in America and cause havoc across the World Wide Web. The Federal Trade Commission (FTC) reports internet fraud accounted for 55% of all fraud reports for 2003. Computer hackers have given headaches to over a half a million consumers in 2003 to the tune of $430 million in reported losses. All of this, and I’m still trying to program my VCR!

The rate of electronic enhancements had left me feeling vulnerable. This morning, I checked my personal email and had 31 messages in my inbox. Only 12 of them were from friends and family. The other 19 were trying to sell me everything from books to mortgages, I was afraid to open the ones from my family; I’ve had to replace a personal computer because of a virus and didn’t want another one. I felt uneasy and decided it was time I did something about it. My research lead me to the Federal Trade Commission’s website (www.ftc.gov). Here’s what they had to say, and what I learned about ‘phishing’. Maybe it will help you protect your computer, identity, checkbook, and kids a little more.

Phishing is a scam that has affected major companies including AOL, Verizon, Wells Fargo, and Citibank. How it works is you receive an email that appears to be from a well-know company asking you to verify some type of personal information. The fact is: the email you received could be just a stolen copy of a well known company’s logo and website. Computer hackers, known as phishers in this case, use any means necessary to get recipients of these emails to click onto a fraudulent web site designed to trick them into divulging personal data such as credit card numbers, financial account usernames and passwords, Social Security numbers, etc. by making the bogus website look like the real ones.

How do they do it?
The message usually has some sense of urgency to it and requests that you click on the website link to update or validate your account information. It may even threaten some level of consequence if you don’t respond immediately, it might say your account will be closed or sent to a collection agency. Sometimes, just clicking on the email is enough for the phishers to attach a virus or computer program to your computer that tracks your every keystroke; you may be more familiar with this practice by the name Spyware. While these programs are sometimes sinister, like a remote control program used by a hacker to monitor your online checking account activity and purchases with valid credit and check cards, software companies have been known to use Spyware to gather data about customers for marketing and other purposes. The use of this practice is generally frowned upon.

How do you protect yourself?
According to the FTC, there are some steps to take to make it harder for you to become a victim:

  1. Do not open, reply, or click on a link in any message or pop-up ad you get asking for personal or financial information.
  2. Do not email personal or financial information to anyone. Email is not a secured avenue of communication.
  3. Verify the accuracy of all credit card and financial account statements when the statements arrive. If your statements are late by more than a day or two, contact your credit card company or financial institution to review your account balances and verify your mailing address. Save your receipts and review the accuracy of your account activity on your statement. Try keeping a checkbook register of your credit card activity, it helps not only verify your account activity, but it gives you an accurate picture of your spending (and you won’t be afraid to open the billing statement!)
  4. Use anti-virus software and firewall on your computer. They can help protect you from inadvertently accepting infected and bogus emails. Anti-virus software scans incoming communication and firewalls help make you ‘invisible’ on the internet and block communication from unauthorized sources. When looking for anti-virus software, make sure it’s programmed to recognize current as well as older viruses, that it can effectively repair any damage, and that it has the capability to update automatically.
  5. Be cautious and use common sense when using the internet. If you are unfamiliar with the source of the email, don’t open any attachment or download any files, delete it – don’t open it. Don’t open pop-up ads. Verify web addresses by retyping the address you’re familiar with for a company and don’t use the one provided by an email solicitation. Google it if you wish to verify an address.
  6. Report suspicious activity to the FTC. The FTC, “works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them.” If you receive phishing emails or spam that is prompting you for your information, forward it to spam@uce.gov. If you’ve been a victim of an internet scheme, file a complaint at www.ftc.gov.

For more tips, check out the Credit Union article, Protecting Your Good Name from Identity Theft.