|
By Jamie Schaub
Business Systems Manager,
Wyoming Workers’ Safety and Compensation
What would you do if you received an email from your bank that said they had seen some suspicious activity on your account and in accordance with your customer agreement and to ensure your account wasn’t compromised they had restricted account access? Your account would remain in this limited state until you logged in and performed the necessary steps. The email might add, “Please understand that this is a security measure and is necessary to protect you and your account. By clicking on the following link you can perform the verification process: login to online account .”
Would you click on the link and supply the requested information? If so, you would have been caught. The scenario above is an example of "phishing."
Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent email messages that appear to come from legitimate businesses. These authentic looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and social security numbers. Phishing is becoming more common and has spoofed common brand name companies. Some of the companies that have been victimized are eBay, PayPal, Citibank, AOL, MSN, and Verizon.
Phishing not only takes advantage of the customer but also the institution that is being spoofed. The attacks can undermine trust, damage brand and reputation, reduce productivity as employees help distressed customers, and create liability for customer losses.
Source: http://www.antiphishing.org
Over the last year there has been a remarkable rise in phishing sites, with a 24% growth from July 2004 to December 2004. As you can see from the graph above, there have been over 400 active sites a week for the last several months. These sites only stay active on average six days until the proper authorities get involved. The Phishers then start up a new site with a similar scam. According to some estimates, there have been over 57 million people and over 100 brands affected so far. This problem is increasing, and you need to be careful to avoid becoming a victim.
How to detect a suspicious email that may be a phishing expedition:
•Are there errors or misspellings in the email?
•Do you have an account with the company?
•Does the company usually contact you via email?
•Does the company even have your email address?
•Is there a sense of urgency concerning your account?Example: Your account will be closed or temporarily suspended.
What to do if you suspect phishing:
If you have questions, call the company, but don’t use the phone number in the email. Do not click on the link in the email. Type in the company’s address manually in your browser. If you do receive a suspicious email, contact the company and make them aware of the scam. You might be able to save others from falling for the same con.
|
