Phishing Scams Take a Sophisticated Turn
Phishing is an attempt to steal personal information by sending emails that appear to come from reputable sources, such as financial institutions, credit card companies, online merchants or federal regulatory agencies.
Many scams also originate with a telephone call asking you to verify things such as your account number or social security number. As phishing scams grow in number and sophistication, even the most savvy consumers can get hooked.
Due to advances in technology, fraudulent emails often look believable. They may include graphics stolen from legitimate websites and have spoofed ‘from’ addresses to make them appear to be reputable. You can no longer easily detect fraud through off-the-wall sender addresses and emails rife with misspellings.
Most phishing emails reel in respondents by demanding immediate action or else:
- Their accounts will be cancelled or suspended.
- Unwarranted charges will be posted to their credit cards.
- They will no longer be able to access the site in question.
Some, ironically, request account verification due to an increase in identity theft.
Requests for personal information are often right in the graphics of the email, or there is a link included to direct consumers to the sender¹s website. The link accesses a phony webpage with a similar address to the real site (example: www.secure.ebay.com). This site looks nearly identical to the actual site for that institution. It includes a login box or other requests for personal information.
Your user name and password are all that the crooks need to take over your accounts. But sometimes they are so bold as to request items such as your Social Security numbers, birth date or credit card verification codes.
The most commonly spoofed sites are those of:
- Credit card companies: Visa, MasterCard, American Express
- Banks: Capital one, Citibank, SunTrust, Bank of America, Fleet Bank
- ISPs and online merchants: eBay, PayPal, AOL, Earthlink
But there are many others as well.
If you receive an email requesting account verification or other personal information, take the following steps:
- Do not respond to the request. Companies will not ask you to verify this information online.
- Do not click on the link in the email. Even looking at the link out of curiosity could allow the crooks to send viruses or spy software to your computer.
- If you’re worried the message may be legitimate, close the email and log on to your account the way you usually do. Or call the company at a verified number.
- Forward fraudulent emails to the company in question. (Most frequently phished companies now have fraud alert sections on their websites.) And report the scam to the Federal Trade Commission at email@example.com. This can help them shut down the illegal sites and prosecute the crooks.