This Scam Will Hit You This Week!
But You Don't Have to Be “Phished”
Remar Sutton, DCU StreetWise National Spokesperson
The good news first: This is one scam you can easily avoid. Period.
Now, the bad news: If you receive email—at work or at home—you could as easily fall for this scam today. Fall for it and you could lose thousands of dollars, your identity, and probably your sanity by the time you recover from the scam.
I'm talking about “phishing,” a plague that is now hitting almost everyone who goes online at least once a week—and getting worse by the hour, literally.
Phishing gets its name from legitimate fishing with a hook, line, and sinker: you cast your line into the water and wait on an unsuspecting fish to bite. The same thing happens in Phishing, except you're the fish. A crook casts out some bait over the Internet and just waits for unsuspecting victims like you to take the bait.
Later in this article, I'm going to show you a group of scam phishing emails so you'll have some samples of the ploys they use. But before heading there, read on.
TYPES OF PHISHES
The bait the crook uses can come in several forms.
Phishing emails
This is the most common phish. You receive an email from some person or company that wants you to ‘reconfirm’ your financial information. These emails usually try to get you to go to another site to reconfirm your details.
First big warning: Legitimate institutions never, never use emails to ask you to “confirm” your financial or personal information. They never use emails to ‘redirect’ you to other websites for the purposes of ‘confirming’ your financial information.
How do the scam artists get you to go to the other site? With scary or enticing statements like these (taken from phishes I personally received in one week.)
- “There is a problem with your information”
- “You have added a user...”
- “Legal notice”
- “Your account has been compromised...”
- “Your account is blocked...”
- “Your Application Is Approved” (though you don't deal with the financial institution and have not applied for a loan!)
- “We need to update your records or your account will be closed.” (A popular phish hitting both e-Bay and Paypal.)
- “You've won a special lottery!” (But, of course, you have to send your banking formation to receive your winnings!)
- “Agent needed!” (These total strangers will pay you a half million dollars to serve as their agent. But, of course, you have to send them your banking information.)
Most of these emails look very legitimate at first glance, and most of the scam websites they send you to look very, very legitimate.
Watch out for this trick. Many of the scam emails link you to a phony website that contains legitimate links to the website of your actual financial institution! For instance, you might receive a scam email which says it is from this credit union. When you click on the link in the email, it leads you to a page which looks virtually identical to our home page. Click on many of the buttons, and the scam site actually takes you to some real pages on our website. The crooks are tricky and clever. In this scam, the only fraudulent page is the one that asks you to confirm your financial information.
Second big warning:
- If you receive an email from a financial institution that you deal with asking you to confirm your information by clicking on a link, do not do it.
- If you receive an email from a financial institution you deal with asking you to confirm your information by calling a number in the email, do not do it.
If you want to make sure this is a scam or if you think the email might be genuine, simply call your financial institution, using the number on your statement or that you looked up in the phone book, and ask if they sent the email.
How did the scam artists know you have an account with a certain institution? They usually don't know. The scam artists simply buy lists of email addresses in particular cities, and send tens of thousands of emails to everyone on the lists. They know they will hit people who have accounts with the institutions they are claiming to represent.
Another tip. It's a wise idea never to click on any link in any email unless you are absolutely sure of the source of the email. Embedded hyperlinks are a favorite way to transmit computer viruses and spyware. Which reminds me—your computer's virus protection and firewall software are up-to-date, aren't they?
“Advanced” Phishing Techniques
More sophisticated phishers use “popup” screens or instant messages. At times, the screens and messages look like they come from businesses you deal with. At times, they appear when you are actually online with these legitimate businesses. Sometimes, these screens ask you to ‘confirm’ your financial information right on the screen. Other times, they direct you to another site with a link. Never do either of these things.
The giveaway that these screens are phony. Legitimate institutions never, never use popup screens or Instant messages to ask you to “confirm” your financial or personal information. They never use emails to ‘redirect’ you to other web sites for the purposes of ‘confirming’ your financial information.
Phishing by mail and phone
Phishing isn't limited just to the Internet. Some scammers buy lists of home addresses and phone numbers and send letters or make phone calls asking for ‘confirmation’ of financial information. In one scam, the thieves actually duplicated a real piece of letterhead from a bank and sent letters asking the recipients to go to a website and confirm their information. In another, thieves posing as police personnel, called hundreds of consumers asking for personal financial information.
What do you do if you receive a letter or call like this? If it's a letter, never respond to the web link in the letter. Simply call your institution, using the phone number on your statement (not the letter) or from the phone book and ask if the letter is real. If you receive a call, ask for the callers phone number, but never give out any financial information. Legitimate police departments (or financial institutions, for that matter) never call and ask you to confirm financial details.
Should you be worried about Phishing scams? No, not if you pay attention. 100% of phishing scams occur because we volunteer information to scam artists. One Hundred Percent! If you use common sense, and slow down, and never respond to the email, phone call or letter, you'll never be caught in a phishing scam. If you think the query is possibly legitimate, then look up the number in the phone book or on your statement and call the institution and ask.
Should you feel safe doing online banking? Yes. I think online banking is our greatest protection from financial scams. If you're smart, you'll go online every morning and review your accounts to make sure that all charges are legitimate. And financial institutions take online security very seriously.
The Internet is an extraordinary resource, if we're careful and thoughtful. And the tips in this report can help you be a careful consumer of online banking, online sales outlets, and communication tools like email and instant messaging.
Now, here's what some of the scams look like. To help you resist the phisher's bait, we've prepared some screen shots of actual scam emails my team has received. You can say no to these predators.
For more information
Internet Crime Complaint Center is a partnership between the FBI and National White Collar Crime Center. If you think you've been scammed, you can report it here.
phishinginfo.org from the National Consumer's League offers examples of schemes, tips to protect yourself, and where to go for help.
So, what do you think?
If you find this review helpful, please pass the word to your friends. Also email me with any comments or suggestions. Remar Sutton
Prepared by Remar Sutton and Associates for DCU, December 2005. All rights reserved.
| A note about third-party links – By selecting links on this page, you will leave DCU's web site and enter a web site hosted by an organization separate from DCU. We encourage you to read and evaluate the privacy policy of any site you visit when you enter the site. While we strive to only link you to companies and organizations that we feel offer useful information, DCU does not directly support nor guarantee claims made by these sites. |
|
