GONE PHISHING

September 7, 2005

A few months ago, my sister noticed that her eBay and PayPal accounts were mysteriously suspended. Authentic-looking e-mails from eBay and PayPal began arriving in her inbox requesting “confirmation of billing and credit card information” so that her account could be reactivated. Unaware, my sister followed the instructions in the e-mail and submitted the requested information. Not long afterwards, fraudulent charges began to appear on subsequent credit card bills, totalling a whopping $4566.97. My sister became the latest victim of phishing…

Phishing (also known as carding and spoofing) is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. – Wikipedia

Over the last couple of years, Internet users, businesses and law enforcement agencies all around the world have noticed a dramatic increase in phishing activity. According to the Anti-Phishing Working Group, the number of reported phishing incidents in the US went from just under 7,000 to over 14,000 within the last ten months. More and more individuals are getting caught because of the increasing sophistication of these schemes. The good old days of crooks rummaging through the garbage for your personal information are definitely gone.

A typical phishing scheme often begins when a recipient receives an e-mail from a supposedly real financial institution or business (e.g. eBay). The fellows behind the scheme of course do not know whether or not the person has any dealings with the company. Like all good fisherpersons, they are just hoping for a few “good bites”. As long as a small percentage of the millions of Internet users respond, they can make an enormous amount of money.

The suspicious e-mail usually contains the following elements:

  1. The Company logo.
  2. A very generic salutation such as: “Our Valued Customer” or “Dear eBay member”.
  3. A reason for sending you the e-mail, such as “your account has been suspended” or a need to “update and verify account information”.
  4. A link or button that one can click on to submit their personal information.

After clicking on the link or button, an authentic-looking website will often appear, prompting the unsuspecting victim to input their passwords, login identification, billing and credit card information, etc. Once the information has been entered and sent, it can readily be sold on the Internet and used to create fake credit and identification cards for thieves to exploit. For examples of various types of phishing e-mails, see the Anti-Phishing Working Group archives.
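The four elements listed above can be checked mechanically as a first-pass mail filter. The following is an added example, not part of the original post: the patterns, the `phishing_elements` name and the sample message (on reserved `.example`/`.test` domains) are constructed here, and the link-host comparison goes one step beyond the article's list. It is a heuristic and will miss messages worded differently.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Patterns generalized from the article's quoted phrases (an assumption).
SALUTATION = re.compile(r"our valued customer|dear \w+ (member|customer|user)", re.I)
PRETEXT = re.compile(r"account (has been|is) suspended|(update|verify|confirm)\b"
                     r".{0,40}\b(account|billing|credit card) information", re.I)

class _Scan(HTMLParser):  # collects image sources, link/form targets, visible text
    def __init__(self):
        super().__init__()
        self.images, self.targets, self.text = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.images.append(a["src"])
        elif tag in ("a", "form") and (a.get("href") or a.get("action")):
            self.targets.append(a.get("href") or a.get("action"))
    def handle_data(self, data):
        self.text.append(data)

def phishing_elements(raw):
    """Report which of the four listed elements a raw e-mail message shows."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    scan = _Scan()
    scan.feed(body.get_content() if body else "")
    scan.close()  # flush any buffered trailing text
    text = " ".join(" ".join(scan.text).split())
    found = {"logo_image": bool(scan.images), "submit_link": bool(scan.targets),
             "generic_salutation": bool(SALUTATION.search(text)),
             "pretext": bool(PRETEXT.search(text))}
    # Extra check, not in the article: link hosts outside the claimed sender's domain.
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    hosts = [urlsplit(t).hostname for t in scan.targets]
    found["offsite_hosts"] = [h for h in hosts if h and sender
                              and h != sender and not h.endswith("." + sender)]
    return found

# Constructed sample message (reserved example/test domains, not a real e-mail).
SAMPLE = ('From: "Shop Support" <service@shop.example>\nContent-Type: text/html\n\n'
          '<img src="http://www.shop.example/logo.gif"><p>Dear Shop member,</p>'
          '<p>Your account has been suspended. Please update and verify account '
          'information.</p><a href="http://shop.example.account-verify.test/login">Go</a>')
if __name__ == "__main__":
    print(phishing_elements(SAMPLE))
```

A message showing all four elements plus an off-site link host deserves a manual look before anyone clicks; a clean result does not prove the message is genuine.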

HOW TO AVOID BEING BAIT

  • Installing antivirus and firewall software on your computer is a must. Remember to keep your antivirus software updated.
  • Internet Explorer could have a lot of security holes that hackers can potentially exploit, so make sure you update the software by checking Microsoft’s Security Homepage.
  • Install an anti-phishing toolbar in your browser, such as NetCraft’s Anti-Phishing Toolbar or Cloudmark’s Anti-Fraud Toolbar.
  • Keep all records of credit card purchases, online and offline, so you can verify your purchases when you receive your monthly credit card statements.
  • Avoid sending personal and financial information via the Internet unless you know that it is a reputable site like Amazon.ca. You can also check the web address at the top of your browser to make sure that it says “https://” and not just “http://”; the “s” indicates that it is a secure site. You can also check the bottom of the browser for a “lock” icon to indicate that the site is secure. Note that “https://” and the lock show that the connection is encrypted, not that the site is run by the company it claims to be, so read the domain name in the address as well.
  • Don’t reply to, or click on links in, any e-mails that ask you to send personal or financial information.
  • If you are not sure, just pick up the phone and call the financial institution or company. Remember to use a phone number you trust and know to be genuine.

CAUGHT? NOW WHAT?

If you have inadvertently been caught or have supplied personal or financial information, you should do the following:

  1. Call your Credit Card Company or financial institution.
  2. File a police report.
  3. Place fraud alerts on your credit reports by calling the credit bureaus that operate in Canada:
     • Equifax Canada 1-800-465-7166
     • TransUnion Canada 1-877-525-3823
  4. You may also want to notify other government and private sector organizations such as: RECOL (Reporting Economic Crime Online), PhoneBusters (Canadian Anti-Fraud Call Centre), and the Anti-Phishing Working Group.

Despite some potentially negative aspects of doing commerce on the Internet, one should not be afraid to use it to pay bills and purchase goods and services, as long as one is aware of the pitfalls.

Until next time,
~Geekboy