ID Theft Protection
Phishing – What is it and why do I care?
“Phishing” is a high-tech scam. “Phishers” use spam or pop-up messages to trick you into giving out private information like your passwords, credit card numbers, bank account information, or Social Security number.
This is what people used to call identity theft and it usually happened over the phone. The scammer would call you and pretend to be someone from the credit union asking you to confirm your account information, credit card numbers, PIN numbers, or passwords. Since the scammer was restricted by the time it took to call each target, identity theft didn’t take off until the advent of email spam and websites. Now, it’s really profitable and very widespread – it’s happening daily!
Here’s how phishing works:
Spam is used to send the phishing messages. You’ll receive an email or pop-up message that looks like it’s from a business or organization that you deal with, for example:
- your Internet service provider (ISP), e.g. AOL, MSN, Yahoo, EarthLink
- your credit union or bank, e.g. Family 1, Citibank
- your online payment service, e.g. PayPal
- a government agency
The message typically states that you need to “update” or “validate” your information, and there’s usually a threat that something bad will happen if you don’t respond.
So, you click on the link in the email and it takes you to what looks like the legitimate organization’s site – but it’s not. The site looks so realistic that you are tricked into entering personal information. The scammer then steals your identity and runs up bills or commits crimes in your name.
It’s big business. The US Federal Trade Commission reported that “9.9 million U.S. residents were victims of identity theft during the previous year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses.” And that was in 2003. It’s just getting going….
You can do things to protect yourself:
Change your behavior when you receive suspicious emails and pop-up messages. Be wary. When in doubt, delete it. There are products available that have a “Delete” box that you can use to check out the email before it ever hits your email program (e.g. Outlook or Outlook Express).
If you are suspicious about a web link, call the institution before entering the site. Family 1 will never initiate any attempt to “update” or “verify” your personal information through an email. If any message asks you to enter confidential information about yourself, such as your password or PIN number, hit the “Delete” key!
Install security software. Entering the internet without a firewall and antivirus software is like living without locks on the doors of your home or car.
Since some phishing emails contain software that tracks your activities on the Internet, make sure you’re screening your incoming mail with up-to-date antivirus software that recognizes the latest threats as well as older ones, that can fix the damage, and that updates automatically.
A firewall blocks all communications from unauthorized sources and helps make you invisible on the Internet. A firewall is especially important if you have a high-speed Internet connection. Hackers love to take over broadband machines because it allows them to spread spam even faster!
Finally, make sure you keep up-to-date with Microsoft’s patches. The latest research shows that an unpatched Windows XP computer has a life expectancy of less than 20 minutes before it is compromised. That’s less time than it takes to download the patches!
This article was compiled using information from the newsletter article on Phishing published by Nick Bolton of Firetrust (www.firetrust.com).
Loss Prevention Recommendations:
Do not respond to any email or phone call that directs you to update your personal information by dialing a telephone number.
Please report VoIP attacks to your local federal law enforcement agency. Most agencies now have cyber threat units that are well-versed in investigating these claims.
Please remember, we will never solicit personal/private information via e-mail.