Beware Of The Phish
According to an August 28, 2005 article in the Washington Post, phishing scams are becoming more difficult to detect. "Phishing" refers to a type of email which sends a "something's wrong" message which appears to be coming from a financial institution. The user is instructed to log onto a Web site which appears to be valid. If the user provides a password or other financial information, scammers use that information to perpetrate fraud and identity theft.
Don Oldenburg writes the following in the Washington Post:
"Don't get me started on spam. But the other day, scanning the dregs of my spam filter, there was this one that stood out from the hundreds of unsolicited commercial e-mails that pitch porn, get-rich-quick schemes, cheap pharmaceuticals, urgent business proposals and sure-thing investments. All no-brainer deletes. Click, click, click.More information about phishing scams is available here and here, and in the archives here. These sites are worth bookmarking.
"But this one stopped me cold. It raised images of stressed-out and distraught military families stunned by the message that their bank accounts had been breached (all the more troubling after last week's news that someone had indeed hacked an Air Force nonfinancial database containing 33,000 Social Security numbers). Recipients could follow the message's instructions, click on a link to a Web site, and divulge their passwords and confidential information.
"Only, that urgent notice isn't from their bank. It's from a crook.
"You probably knew that already. Those daily spams, supposedly from eBay, AOL or PayPal? Saying your account has been corrupted? If you don't have eBay, AOL or PayPal accounts, they're easy rip-offs to recognize. Click, click, click. Gone.
"But if your thoughts are halfway around the world, in a war zone where every day is a life-or-death matter for a loved one, and your bank is the Armed Forces Bank, then just maybe you get fooled this one time. Just takes once. Low-life scammers count on it -- all the way to the bank.
"'It's big business. And it is hard to track and really hard to shut down,' says David Jevans, chairman of the Anti-Phishing Working Group (APWG), an association of more than 1,100 companies and law enforcement groups worldwide trying to eliminate online fraud and identity theft scams." Phishing is becoming more sophisticated: "Over the past couple of years, phishing has become one of the top consumer crimes. A Gartner Inc. report in June estimated that 1.98 million Americans were victimized from May 2004 to May 2005 by phishing scams that stole $2.4 billion from their checking accounts. And APWG's phishing reports indicate that reported scams in 2005 have almost doubled in some months over last year's. They're such a threat that the new edition of the Oxford English Dictionary has added the term 'phishing' to its pages.
"'The Armed Forces Bank scam is part of a growing trend in phishing to focus on smaller financial institutions, such as credit unions, smaller banks and insurance companies,' Jevans said.
"'Basically, they are spreading out to smaller companies that are not as prepared to deal with it. There is a lot of testing out there to see who has systems that they can cash in on. . . . They're trying to stay ahead of spam filters, phishing filters, and they're trying different social engineering techniques.'
"In the Armed Forces Bank scam, the crooks mutated the message at least six times -- about every five or six days -- which the APWG says is business as usual...."
And remember this caution from the article in the Washington Post:
"Keep in mind that practically no legitimate companies contact customers via e-mail asking for private information. So the best advice? Click, click, click -- gone."