Phishing – hacker’s tool

By actsoftlab

Phishing


A sort of e-mail/web “hybrid” scam, “phishing” is an Internet fraud that has become all too commonplace in the last few years. The “bait” arrives as a message in your inbox and appears to have been sent by a financial institution, online retailer or other business with which a large number of Internet users are likely to have accounts or other dealings. Among the favorites of long standing are eBay, PayPal, Amazon.com and Visa, as well as a variety of national and regional banks. In order to appear as authentic as possible, the message almost always contains corporate logos and graphics (usually pirated or forged) along with contact information that may or may not be accurate, counting on the fact that most people won’t actually check. The body of the message will allude to some “urgent problem” regarding your account that must be dealt with immediately: a billing dispute, fraud claim, unpaid invoice, account info update or any of many other allegedly critical matters. The message will instruct you to click on a link that opens a web browser window to a site, also apparently genuine, where you will be asked to log in with your account name/number and password along with other personal information. The site is, of course, as phony as the e-mail message, and the payoff for the “phishers” is that they’ve collected information about you that they can sell or use themselves to commit identity theft and other crimes.

Legitimate businesses should never ask you to transmit sensitive or confidential personal information relating to your account via e-mail, especially if they are initiating the contact.

In the last year there has been a pronounced rise in very sophisticated and refined “phishing” attacks (sometimes called “pharming”) in which the message is “seeded” with personal information about you that the attackers have been able to obtain, such as your name and job title. This makes it appear to be more than a “generic” phishing attack, and the scam in many of these is not to get you to go to a phony website, but instead to get you to open an infected attachment which will install some form of malware on your system.

If you receive an e-mail message that appears to be phishing-related but you have some reason to believe it may be legitimate and require follow-up on your part, DO NOT OPEN ANY ATTACHMENTS, AND DO NOT REPLY DIRECTLY TO OR VISIT ANY WEBSITES SHOWN IN THE MESSAGE. Use a search engine like Google or Yahoo! to locate the firm’s official website and published contact information. Most of these businesses have extensive experience as targets of “phishers” and will often have specific information and instructions for you available on their website (eBay and PayPal are good examples of this). Another good source of help can be found at www.antiphishing.org.
