On a recent flight about to take off from Cleveland to Boston, I could not help but hear the phone conversation that was taking place nearby. The lady behind me was on the phone, ordering gifts for herself from SkyMall. To my amazement, overheard by many, she gave her entire personal and secured information to the person taking the order at the other end. With a lack of common sense such as this, it undoubtedly comes as no surprise that identity theft crimes are on the rise in the world. This is the first of several articles I am dedicating to the topic of information security, and the first topic I will cover is that of Phishing.
Just this morning I received an email from a bank claiming that they noticed unusual activity in my account and they need me to verify my information before they allow any additional activity. A couple of days ago I received an email encouraging me to extend my Wall Street Journal subscription so I may get the weekend paper as well.
Phishing is the loathsome act performed by online thieves who are using emails and web sites to capture your personal and confidential information such as account numbers and passwords. The technique they use is pretty simple but vicious. You receive an email from what looks like a legitimate source such as a bank, or a known magazine, alerting you that there is a problem with your information or your account is about to expire. They encourage you to immediately click on the link provided and submit your information to avoid suspension or problems. My recommendation … DON’T!
According to a published report by Gartner in May 2004, 57 million consumers received Phishing emails in the US. The number of checking accounts that were breached was 1.98 million totaling 2.4 billion in fraud. What is even more alarming is the fact that the number of victims grew to around 10 million people by the end of 2004. Some of the recent Phishing attacks were using companies such as eBay, Amazon, MSN, PayPal, AOL and many more. Click on any of the hyperlinks above to see how nearly identical the scamming information requests look compared to the real thing. The resemblance is amazing.
So how do you detect a possible scam and how do you avoid it?
- Legitimate organizations do not send emails requesting you to update your personal and secured information. Do not reply to any email requesting your confidential information. The only exception is if you initiate the request by going to a site you trust 100%, and by typing the address into your browser. Do not click on links supplied in emails.
- A sense of urgency is created, encouraging you to react right away so your account is not suspended.
- The address you are encouraged to click on is spoofed, meaning it is a fake address taking you to what looks like the real company's site but is not. Do not click on the link supplied in the email. Instead, either call the organization or log on to their web site by directly typing their web address (URL) into your browser.
- When entering personal information you must make sure the site is secured. The web address should start with https:// and not http://.
- Never email personal or financial information since emails are not secured or encrypted.
- Trust your intuition. If anything looks suspicious, immediately contact your bank, credit card company or whichever organization the message claims to come from and validate the offer.
- Regularly check your online accounts as well as printed invoices. My recommendation is to do this at least once or twice a month.
- Alert your family, friends and business acquaintances.
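Three of the cues in the list above can be checked mechanically on an HTML email body: urgent wording, a link whose visible address differs from where it actually leads, and a plain http:// link. The following Python is an added example, not part of the original article; the phrase list, cue names, function names and sample messages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed phrases for the "sense of urgency" cue; illustrative, not exhaustive.
URGENCY = ("immediately", "right away", "suspended", "suspension", "verify your")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(shown):
    """Host named by a link's visible text, or None if the text is not an address."""
    m = re.match(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})(?:/\S*)?$", shown, re.I)
    return m.group(1).lower() if m else None

def phishing_cues(html_body):
    """Return the sorted names of the cues found in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    cues = set()
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    if any(phrase in text for phrase in URGENCY):
        cues.add("urgency")
    for href, shown in parser.links:
        target = urlsplit(href)
        if target.scheme == "http":
            cues.add("link-not-https")
        shown_host = host_of(shown)
        if shown_host and shown_host != (target.hostname or "").lower():
            cues.add("link-text-mismatch")  # text names one site, href goes to another
    return sorted(cues)

# Constructed sample messages; the .example and .test domains are reserved names.
SAMPLE_PHISH = ('<p>Verify your information immediately or your account will be suspended.</p>'
                '<a href="http://login.bank-example.test/verify">https://www.bank.example/login</a>')
SAMPLE_CLEAN = '<p>Your statement is ready.</p><a href="https://www.bank.example/">www.bank.example</a>'
```

An empty result does not make a message trustworthy: https:// shows only that the connection is encrypted, not who runs the site, so typing the organization's address yourself remains the safer route.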
Some additional resources:
- Federal Trade Commission
- How Not to Get Hooked by a Phishing Scam
- Anti-Phishing Working Group
- Report Phishing emails to: mailto:[email protected]
The Internet is one of the greatest inventions of our time. It greatly simplifies our life by allowing functions such as research, leisure activities, banking and shopping to come into our homes. However, this great new world brings with it a threat that has the potential to steal our identities. It is an Engineer’s Motto that says, “Question everything. Learn something. Answer nothing.” Use your common sense and don’t let these criminals “fish” your identity.