DEVJOBS provides you the largest listing of jobs

SCAMBUSTER Series - Feature Article 15 
 

Phishing / identity theft

Source: www.scamdex.com  

Phishing, or identity theft, is very common today.

What is it?

Phishing is an Internet scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

 

What is Phishing and Pharming?

Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. -- Definition from Anti-Phishing Working Group

How does it work?

The number and sophistication of phishing scams sent out to consumers are continuing to increase dramatically. While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
    • phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are

  • Don't use the links in an email to get to any web page, if you suspect the message might not be authentic
    • call the company on the telephone, or log onto the website directly by typing in the Web address in your browser

  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone

  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
    • to make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar - it should be "https://" rather than just "http://"

  • Consider installing a Web browser toolbar to help protect you from known phishing fraud websites
    • EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on EarthLink's list of known fraudulent phisher Web sites.
    • Cloudmark and Qurb both also have commercial toolbars that perform the same service.

  • Regularly log into your online accounts
    • don't leave it for as long as a month before you check each account

  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
    • if anything is suspicious, contact your bank and all card issuers

  • Ensure that your browser is up to date and security patches applied
    • in particular, people who use the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page to download any patches relating to certain phishing schemes

  • Always report "phishing" or "spoofed" e-mails to the following groups:
    • forward the email to reportphishing@antiphishing.com
    • forward the email to Scamdex
    • forward the email to the Federal Trade Commission
    • forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
    • when forwarding spoofed messages, always choose the option to 'send as an attachment' so that the entire original email with its original header information remains intact
    • notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/


US Federal Trade Commission Consumer Alert

How Not to Get Hooked by a Phishing Scam

An email arrives in your mailbox saying:

"We suspect an unauthorized transaction on your account.
To ensure that your account is not compromised,
please click the link below and confirm your identity."

"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

Have you received email with a similar message? It's a scam called "phishing" and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

According to the Federal Trade Commission (FTC), the nation's consumer protection agency, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with - for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message may ask you to "update", or "validate" or "confirm" your account information.

Some phishing emails threaten a dire consequence if you don't respond. The messages direct you to a website that looks just like a legitimate organization's site. But it isn't. It's a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC suggests these tips to help you avoid getting hooked by a phishing scam:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser, because phishers can make links look like they go to one place while actually sending you to a different site.

  • Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.

    Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

    A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software "patches" to close holes in the system that hackers or phishers could exploit.

  • Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.

  • Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

  • If you believe you've been scammed, file your complaint at ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft. Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

    You can learn other ways to avoid email scams and deal with deceptive spam at ftc.gov/spam.

The US FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

What is pharming?

Pharming is an attack in which a user can be fooled into entering sensitive data such as a password or credit card number into a malicious web site that impersonates a legitimate web site. It differs from phishing in that the attacker does not have to rely on having the user click a link in an email to deceive the user: even if the user correctly enters a URL (web address) into a browser's address bar, the attacker can still redirect the user to a malicious web site.

How can you protect yourself?

Only use pharming-conscious (PC) web sites. A PC web site uses a secure connection to prevent other web sites from impersonating it. PC web sites typically use the HTTPS web protocol on their login page to allow the user to verify the web site's identity. If an attacker attempts to impersonate a PC web site, the user will receive a message from the browser indicating that the web site's "certificate" does not match the address being visited. Users should NEVER click Yes in response to such a window; otherwise they might get duped by a pharming attack.


Beware of tax refund scams

ATLANTA, Georgia (CNN) -- It's just the news that hardworking taxpayers want to see in their inbox: an update on their refund from the Internal Revenue Service.

But instead of clicking on that e-mail's links, federal officials advise you to hit the delete key.

That's because dozens of scams, known as "phishing" schemes, are making the rounds, poised to steal your personal information.

"This phishing scheme is exploding," said IRS Commissioner Mark Everson.

"Last year we got wind of seven different kinds of schemes. That was in all of 2005. This year we've already seen 65."

Even the commissioner of the New York State Department of Taxation and Finance got one of the phishing e-mails -- on his government computer.

"It's a reflection of how brazen these crooks have become," Commissioner Andrew Eristoff said.

"Here they are targeting a tax administrator with a tax refund scam. Unbelievable," he said.

Phishing is an e-mail trick that "lures" users with a promise of money or an urgent security warning that asks users to update their information. But instead of going to a financial institution or the government, the precious personal data goes to identity thieves.

IRS doesn't e-mail taxpayers

At least during this tax season, Internet users don't even have to try and distinguish real from fake information from the IRS. Anything you get in your inbox with an IRS address is a fraud.

"We do not communicate with taxpayers by e-mail so no one should respond to an e-mail purporting to be from the IRS," Everson said.

Bogus offers on the Internet are nothing new. But sneakiness and sophistication have reached a level that can fool just about any user at one time or another.

Computer researchers are studying what makes fake sites so believable, with a goal of helping Web designers beef up security.

Rachna Dhamija, a postdoctoral fellow at the Center for Research on Computation and Society at Harvard University, said anyone can be duped.

"In our study, users proved vulnerable across the board to phishing attacks," Dhamija said. "Neither their age nor their previous experience with the Web site nor their level of education had any impact on their ability to distinguish a phishing Web site from a legitimate Web site."

Researchers at Harvard and the University of California, Berkeley, showed a series of real and fake Web sites to 22 people, all staff or students at UC Berkeley. Their ages ranged from 18 to the mid-60s.

"Some of our most educated users and most cautious users were also very surprised at their inability to detect the legitimate versus phishing Web sites," Dhamija said.

The "best" of the "worst"?

The site that fooled 90 percent of study participants was an exact replica of the legitimate Web site of the Bank of the West. But in the address bar, instead of the word west being spelled with a w, it was spelled with two v's. That was tough for users to spot, Dhamija said.

Many phishing Web sites prey on the fears users have of making their personal information vulnerable. E-mails will arrive from banks, credit card companies or Internet Service Providers with urgent warnings to "update your account now!"

One way users can protect themselves is to lessen the chance of landing on a phishing site in the first place.

"One way to do that is to never click on a link from an e-mail. Users should always type in the URL directly into the address bar," Dhamija said. "For example, if they want to go to the IRS Web site, they need to type www.irs.gov."

And Internet users should always check to make sure they don't have a typo in the address. That's a common tactic of criminals, to create a bogus site that is a letter or two off from a legitimate one.
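The two tricks this article warns about, link text that shows one address while the link goes to another, and an address that is a letter or two off (such as "vv" for "w"), can also be checked mechanically. The sketch below is an added example, not part of the original article; the allow-list, the confusable-pair table, the 0.85 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("bankofthewest.com", "ebay.com", "irs.gov")  # assumed allow-list
CONFUSABLE = {"vv": "w", "rn": "m", "0": "o", "1": "l"}  # look-alike glyphs
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)  # host-like token

def registered(host):  # simplification: last two labels, no Public Suffix List
    return ".".join(host.lower().split(".")[-2:])

def skeleton(domain):
    for fake, real in CONFUSABLE.items():
        domain = domain.replace(fake, real)
    return domain

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    for good in TRUSTED:
        near = SequenceMatcher(None, domain, good).ratio() >= 0.85
        if domain not in TRUSTED and (near or skeleton(domain) == skeleton(good)):
            return good

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return (href, reason) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registered(urlsplit(href).hostname or "")
        shown = HOST_RE.search(text)
        if shown and registered(shown.group(0)) != target:
            findings.append((href, "text shows " + registered(shown.group(0))))
        elif lookalike_of(target):
            findings.append((href, "imitates " + lookalike_of(target)))
    return findings
# Constructed message body for the demo, not a real phishing e-mail.
SAMPLE = """<a href="http://203.0.113.9/confirm">https://www.bankofthewest.com/login</a>
<a href="https://www.bankofthevvest.com/login">Click here to confirm</a>
<a href="https://www.irs.gov/refunds">www.irs.gov</a>"""
```

Calling `audit(SAMPLE)` flags the first two links and passes the third; a mail gateway or reporting mailbox could run the same check over forwarded messages before an analyst opens them.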

"If users visit Web sites frequently, a financial Web site for example, they should bookmark that site or save it in their "Favorites" in the Internet Explorer browser," Dhamija said.

Will e-mail be a part of IRS communication in the future?

"Over 50 percent of returns are now filed electronically," Everson said. "That is safe, that is secure. We look at the further use of technology, but right now, all I can say is we do not reach out and communicate with taxpayers by e-mail."

 


DISCLAIMER: The purpose of this part of this website is to provide general information to the public. Information contained herein is believed to be accurate, but no warranty is made as to accuracy or appropriateness. All opinions and biases are those of the authors and do not necessarily reflect those of the website owners - DEVJOBS Information Service. Furthermore, some information contained herein may be outdated or incomplete.

PUBLIC SERVICE: This SCAMBUSTER Series is a collection of articles, web resources and warnings about online fraud and scams on the Internet. This is a public service of DEVJOBS and Carlos Ani, an international microfinance consultant. My updated CV is on this website.
