When you get an e-mail requesting personal or sensitive information like a credit card number or your Social Security number, the red flags should go up instantly. Con artists who once tried to trick unsuspecting victims into sharing this type of sensitive information over the phone have moved on to the Internet in force.
The Internet versions of these scams typically target customers of banks, credit card companies, online auction sites like eBay, and Internet Service Providers, though just about anyone can become a victim. The practice, called "phishing" (phone plus fish equals phish) or "carding", has become almost commonplace recently.
It usually starts with an e-mail that looks like it came from a company or organization with which you do business. The e-mail may warn you that your payment is overdue, that your account or service is about to be suspended or closed, or that the credit card you provided has been declined or has expired. You're then either asked to reply to the e-mail with updated information or directed to a Web site to "update your information" there. Beware, even if the Web site appears to belong to the company or organization with which you have a relationship, and even if the address in your Web browser appears to be correct.
It's very easy for these scam artists to link to different Web sites, and due to security flaws in some Web browsers, the address in your browser's address bar can be "forged" to appear correct. So, never follow a link in an e-mail like this, and never send personal information or credit card numbers in e-mail.
Services you subscribe to (e.g., your ISP, eBay or PayPal) will never request such personal information via e-mail. Customers who wish to pay their bills online or purchase additional products and services may be asked to provide personal and credit card information online, but only if they initiate the transaction and only from within a secure Web site (indicated by a closed lock in your Web browser).
The Federal Trade Commission offers the following advice to protect yourself from phishing scams:
- If you get an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail. Instead, contact the company cited in the e-mail using a telephone number or Web site address you know to be genuine.
- Avoid e-mailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.
For more information on phishing scams, please follow one of the links below:
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
http://www.businessweek.com/technology/content/oct2003/tc20031021_8711_tc047.htm
http://www.antiphishing.org/
Bob Baker
posted @ Friday, February 13, 2004 9:53 PM