• News
  • SAN DIEGO
  • Finance

Internet phishing scam hooks victims with e-mails

For some time now, Internet scammers have been luring consumers into divulging their personal financial information and other sensitive data using a high-tech ruse called "phishing," and lately the number of those taking the bait is increasing at an alarming rate.

The phishing scam involves using phony but official-looking e-mail messages that deceive consumers into disclosing credit card, bank account and Social Security numbers, passwords, user names and other sensitive data by asking users for verification.

The message often threatens them with a dire consequence if they don't respond and directs them to a Web site that appears legitimate but unfortunately isn't. Once they're at the Web site, they're tricked into providing personal information that the scammers use to steal their identity, drain bank accounts and run up credit card charges.

"It's time to pay attention to this scam because it's running rampant now and all of us who use computers are potential targets," explained Kevin Landel, vice president of technology for California Coast Credit Union. "Consumers who respond to these phishing e-mails and turn over their personal or financial information are putting their accounts and financial status at serious risk. It's easy to be tricked."

According to statistics compiled by the Anti-Phishing Work Group (APWG), the number of reported phishing incidents rose 800 percent in the first six months of 2004, and an astounding 4,000 percent between November 2003 and May 2004.

By June of this year, the APWG reported an average of nearly 50 unique attacks each day, and as many as 3 percent to 5 percent of those who receive the e-mails are responding.

With thousands, if not millions, receiving these mass e-mailings, the payoffs can be potentially huge for the swindlers and the losses staggering for victims.

According to Landel, there are certain telltale signs that should raise people's suspicions about the legitimacy of the phishing e-mail they have received. Giveaways include scare tactics that play on security fears, use of generic greetings instead of the individual's name, forms to provide personal information and links to Web sites to validate or confirm account information.

"Thieves can use the data they gather to access existing bankcard accounts, open new bank or credit card accounts in the victims' names, and spread the phishing e-mail to even more people through computer viruses and worms," Landel said.

The single most important tip to avoid being scammed, Landel said, is simply don't provide any personal or financial information via e-mail. Financial institutions never request information in this manner.

In addition, be suspicious of e-mails with urgent requests for financial data; don't fill out forms in e-mail messages that request financial information, and don't use links to Web sites in e-mails.

Instead, use your browser's address field to go directly to your trusted institution's Web site. That way you know you are at a trusted site.

Also, don't give credit card numbers or account information unless using a telephone or secure Web site. A secure Web site will display https:// rather than http:// or a locked padlock will appear in the address line.

"Better still, pick up the phone and call your institution's customer service line," Landel said. "They not only can verify the information for you, but it acknowledges that you initiated the contact."

Landel also suggests checking bank and credit card statements on a regular basis to detect fraudulent use, using updated anti-virus software and regularly downloading security patches.

Consumers who have divulged sensitive information should notify their financial institution or credit card company immediately to close that account and open a new one. If a Social Security number has been disclosed, the three major credit reporting agencies should be notified so that a fraud alert can be imposed. Victims should also monitor their credit reports on a regular basis for any suspicious activity.


Barrett is head writer for Beck Ellman Heald.

User Response
0 UserComments