Scammers are "Phishing" - Don't Get Hooked
by Clarence Smith
Email scams are an increasing threat, as they evolve into something less transparent than the Nigerian scheme. You know the basic plea in that one: You will be generously rewarded for helping the kin of a deposed African diplomat transfer huge sums of money. Bite and you will receive "official" documents asking for your bank account numbers.
In the past nine months, criminals have vastly improved their professionalism in this arena. "Amateur hour," when you could easily spot the fake, is nearly over. Today, many scam messages look entirely plausible. Using a "spoofed" email scam is known as "phishing." Internet swindlers use email to lure people to bogus web sites that mimic those of reputable companies, and deceive visitors into divulging credit card numbers, bank account information, social security numbers, passwords, and other sensitive information. Brands and logos, touchstones on which people have relied to decide who and what to trust, can disarm the unwary. We must be very careful that others do not steal our identities and sensitive information.
One recent fake email seemingly from the "Citibank Security Department" asks receipients for account information to help the bank upgrade its computer services. Another, from "Accounts Management," seeks credit card information so that customers might "maintain the Citibank experience." Would-be victims are encouraged to click on link that seems legitimate because the long string of characters begins with www.citi.com. Those who take the bait are directed to what appears to be a Citibank Service site, but it is not. You would be hard pressed to tell the real Citibank logos, graphics, copyright notices, and other authentic information from the blended fake content.
In the past, one tip-off to a faked message was rampant misspelling. (Many spammers cleverly construct their scam messages, using tactical misspelling to bypass filtering software.) However, today's spam can reach you without mangled grammar, excessive repetition of words, and misspellings that signaled scams in the past.
In May, the Anti-Phishing Working Group reported the most-targeted industry sector is financial, the most targeted company is Citibank, and 95% of phishing and email fraud attacks used spoofed or forged "from" addresses. Further, approximately 5% of recipients follow the instructions when they receive a faked message about updating their financial records. The web page to which they are directed looks legitimate, so they get "hooked," by "updating" the information with such things as social security, checking, and savings account numbers.
UCit urges you to take steps to protect yourself. First, treat any unsolicited email request for financial information, or other personal data, with suspicion. Enter personal information only on a secure web site; look for a "locked padlock" in the lower right-hand side of the browser or "https" at the beginning of the address. Contact the business that apparently sent the email to verify a request for personal or financial information. Regularly update anti-virus software and security patches to your system software. (A phishing email may contain harmful viruses that are deployed when you simply open the message.) Carefully check your monthly bank statements to verify all transactions.
Many swindlers phish in the financial pond, but also beware if you receive email from a stranger saying that you just won a prize, have just been chosen to benefit from an astonishing deal, or have won $65,000 due to your email address being chosen in a lottery.
If it sounds too good to be true, it probably is.
|
