Thursday, May 12, 2005

Beware of Phishermen

Gone phishing lately?

If so, you better not admit to it; it’s against the law.

Phishing is the latest method cyber-crooks are employing to part you from your money. Spam is still a huge problem. But phishing, which is actually a type of spam itself, goes a step further by trying to trick you into voluntarily making your bank account information available.

Recently, one of the nation’s largest electronic financial companies released the results of a survey that showed at least 43 percent of all Internet users have received a phishing contact, and five percent have actually given away their account information.

I get at least half a dozen phish e-mails every day. Most of them are trying to get into my eBay or PayPal accounts. Some are trying to get account information from banks that I don’t even have an account with.

Phishing attempts can be very cleverly disguised. First-time recipients of such e-mails may be tempted to supply the information asked for.

For example, today I received an e-mail that looked like it was from Charter One Bank. It was very professional looking, complete with the bank’s official logo. It even had a copyright notice at the bottom.

The message stated that the bank’s technical service personnel were upgrading their software and they would like me to log into my account and verify my personal information. They even supplied a Web link that I could click on, which was a real Charter One Web site.

Clicking on the link, however, didn’t send me to an authentic Charter One page, but a page that looked for all the world like it was one. Hovering my mouse cursor over the link revealed that it was actually taking me to an undisclosed IP address. Those unaccustomed to phishing scams may not have even noticed.
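The hover check described above can be automated over an HTML message body. The following is an added example, not part of the original post; the sample message is constructed, and `bank.example` and `192.0.2.10` are reserved placeholder values, not the addresses from the e-mail described.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(value):
    """Host of a URL or bare domain; '' when the text is not URL-like."""
    parts = value.split()
    try:
        url = parts[0] if "://" in parts[0] else "//" + parts[0]
        host = (urlparse(url).hostname or "").lower().rstrip(".")
    except (IndexError, ValueError):   # empty text or malformed host
        return ""
    return host if len(parts) == 1 and "." in host else ""

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def audit(html):  # returns (href, shown text, reasons) per suspicious link
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        reasons = ["href host is a raw IP address"] if is_ip(target) else []
        if shown and target and shown != target:
            reasons.append(f"text shows {shown} but href goes to {target}")
        if reasons:
            findings.append((href, text.strip(), reasons))
    return findings

# Constructed sample: one disguised link, one honest link.
SAMPLE = ('<a href="http://192.0.2.10/verify/">https://www.bank.example/verify</a> '
          '<a href="https://www.bank.example/help">help page</a>')
```

The comparison is an exact host match, so a link whose text reads `bank.example` while its href goes to `www.bank.example` is also reported and needs a human look.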

Once at the fake Web site, which again looked identical to the real thing, I was presented with an official form asking for my name, account number, Web password, etc.

Obviously, I didn’t actually fill out the form. Had I done so, the crooks would have had complete access to my bank account, assuming that I actually had an account at Charter One Bank.

The scam succeeds more often than you might think. Individuals are sometimes out thousands of dollars because they are not careful enough.

A recent Associated Press news story revealed how an Alabama woman was robbed of $6,000 because she was too busy to check the authenticity of an e-mail message she had received asking her to verify her bank account information.

So how can you tell what’s real? How can you catch the phish?

For one thing, legitimate companies never ask for your passwords in e-mail messages. But most phishing scams don’t either. They ask you to click on an authentic-looking Web address that takes you to a fake site.

But messages from real banks seldom ask you to click on a Web address. They ask you to log in to your online account, which is something you would know how to do if you were a banking customer of theirs.

If they provide a Web address and you’re unsure if it is real, don’t click on the link. Type it in manually. That way you know you’re at the bank’s actual site.

Most importantly, just realize that banks do not generally need to query you for your personal information again once you’ve signed up the first time. If they do, I would consider changing banks. Banks that lose your account information do not deserve your business.
