A new phenomenon in credit fraud—phishing—has emerged, targeting online bankers and shoppers around the world. Phishing (pronounced fishing) is just what it sounds like—scammers fishing for information. Phishing schemes typically consist of e-mail messages designed to lure people to phony Web sites, where they are tricked into revealing personal information that fraudsters then use to commit credit fraud and identity theft.
How Phishing Works
When credit fraud thieves go on “phishing” expeditions, they lull their victims into a false sense of security by mimicking the trusted logos and designs of legitimate companies. A typical phishing scam starts with a scammer sending out millions of emails that appear to come from an established bank or online retailer.
For example, in a recent phishing scam, computer users received an email that appeared to come from a major bank, warning them that recent fraud activity had jeopardized the security of their account. They were sent to a fake Web site and told to enter their bank account numbers. Any personal or financial information entered was routed to identity thieves.
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. Not all phishing scams use a fake Web site. Vishing scams use Voice over Internet Protocol (VoIP) technology to trick people into revealing personal and financial information over the phone. Some of the boldest phishing and vishing scams demand a victim’s name, address, credit card details, ATM code, Social Security number, and other information useful for credit fraud and identity theft.
To maximize a phishing scam’s success, a phisher might employ any or all of the following tactics:
- Using a well-known company’s name and mimicking the look and feel of its Web site.
- Incorporating the names of real people who work at the company, such as CEOs or well-known executives, in the text of the message or in the “from” line.
- Using technology to make a link in an email (and the spoofed Web site it redirects to) appear legitimate. Misspelled URLs and subdomains are common tricks used by phishers. Another tactic is to make the anchor text for a link appear to be a valid URL when the link actually goes to a phony site.
- Sending urgent or warning messages to scare recipients into responding. A common phishing e-mail cautions users that they will lose access to their accounts unless they respond immediately.
These clever phishing tactics are paying off for phishers. According to a recent study by Gartner Research, the number of American adults who believe that they have received phishing e-mails has nearly doubled in the past two years. Approximately 109 million US adults received phishing e-mails in 2006, up from 57 million in 2004. Financial losses stemming from phishing attacks rose to more than $2.8 billion in 2006.
Avoid Phishing and Credit Fraud Scams
As the number and sophistication of phishing scams increase, it is important to be aware of phishing and credit fraud. While online banking and e-commerce are very safe, you should always exercise caution when giving out personal and financial information online or offline. We offer the following tips to avoid getting hooked by a phishing scam:
- Be suspicious of any email with urgent requests for personal or financial information, such as user names, passwords, credit card numbers and Social Security numbers. Banks and e-commerce organizations will never email you and ask you to input all of your sensitive information.
- If you receive a suspicious email that appears to come from your bank or another trusted source, call the company on the telephone to verify, or log on to the Web site directly by typing the Web address into your browser.
- When submitting personal or financial information via your Web browser, always double-check that the site is secure. Just because the site’s address begins with “https://” does not necessarily mean the site is secure. Phishers can spoof both the “https://” and the yellow padlock icon used by secure Web servers, so be sure to type the address of any banking or e-commerce Web site into your browser yourself.
- Keep your browser and security software up-to-date so that security patches are promptly applied.