May 1, 2009
Phishing: Don’t take the bait!
What is it about the estate laws in Nigeria that make it so difficult for princes to retrieve their millions in inheritance? We’ve all received that hoax email from someone that needs your help in recovering millions in a bank account. One of the more common forms of hoax email is the “phishing” scheme. Phishing is when an email sender tries to trick the recipient into thinking the message is from someone else. The message may ask you to “update,” “validate,” or “confirm” your account information. Phishing emails typically attempt to trick people into revealing financial data, or direct you to spoof sites or phone numbers to call where they ask you to provide personal data.
The consequences of falling prey to a phishing scam can be devastating. Scammers potentially gain access to your credit card, social security number, bank account, password or personal information. Your data is traded on the black market and, in a worst case scenario, you end up becoming the victim of identity theft. Some creative scammers even use your data to defraud others of greater amounts of money. In one scenario, a scammer will gain access to your account information on an auction site such as eBay. Trading in your name, they sell a fake item worth thousands of dollars. A buyer bites and you’re left explaining why you don’t know anything about it.
It’s estimated that over 100 million phishing e-mails are sent ... every day! Losses are estimated at over $1 billion a year.
What does a phishing scam look like?
A phishing scam can take many forms. The scam is traditionally spread through email and might appear to come from a financial institution, a company you regularly do business with, an ecommerce site such as eBay or PayPal, or a social networking site. Phishing emails often include official company logos and can look convincingly as though they come from legitimate websites.
The following is an example of what a phishing scam in an e-mail message (as displayed on an informational page on the Microsoft website) might look like.
Note that the graphic header is the actual logo taken from the real company’s website. The email includes a masked link to a fake website. The text of the link appears to be from the actual company’s website but if you place your mouse pointer above the link (rest it above - do not click the link) it reveals that the real address is actually a totally bogus site (188.8.131.52 ...). Scammers will sometimes also use addresses that contain minor alterations of the real company’s name (e.g. wellsfagro.com) in the hope that you don’t notice. In either case, clicking on the link will take you to a spoofed site that attempts to have you submit your personal information.
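The hover check described above can also be done automatically on an email's HTML body. The following is an added example, not part of the original post: the `TRUSTED` list, the function names, the reason labels and the 0.85 similarity threshold are all assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"wellsfargo.com", "paypal.com", "ebay.com"}  # assumed allow-list
# Constructed sample body; 192.0.2.10 is a documentation-only address.
SAMPLE = ('<a href="http://192.0.2.10/login">https://www.wellsfargo.com/update</a>'
          '<a href="http://wellsfagro.com/login">Sign in</a>'
          '<a href="https://www.wellsfargo.com/">www.wellsfargo.com</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or bare domain, minus a leading 'www.'."""
    host = (urlparse(value if "//" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def audit_links(html):
    """Return (href, reasons) for each link that looks masked or spoofed."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        real, reasons = host_of(href), []
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real):  # IPv4 dotted-quad host
            reasons.append("ip-literal-host")
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and host_of(shown.group(0)) != real:  # link text names another host
            reasons.append("text-href-mismatch")
        if real not in TRUSTED and any(
                SequenceMatcher(None, real, t).ratio() >= 0.85 for t in TRUSTED):
            reasons.append("lookalike-domain")
        if reasons:
            findings.append((href, reasons))
    return findings
```

The host comparison is exact, so a legitimate link whose text shows a parent domain while the address points at a subdomain is also reported and needs a manual look.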
There are several steps you can take to help protect yourself against phishing scams:
And just when you thought it was safe to go back in the water…
The solution here is crystal clear. No legitimate company or financial institution will send you a text message asking you to call them and submit personal information. Do not reply. It’s that simple.