SCI/TECH: Phishing Scams on Increase for the Holidays

"Phishing," the increasingly common method of tricking people into divulging personal information such as passwords and credit card or bank account numbers, has seen a meteoric rise in popularity among internet criminals, but it is poised to reach new heights this holiday season. The popularity of internet shopping has faced some setbacks as consumers become more aware of the dangers posed by these increasingly sophisticated scams.


As if spam and worms were not enough of a problem, now unsolicited email is even more risky since that is the preferred method of tricking unsuspecting users into giving out the information needed by internet outlaws to take money from bank accounts, fraudulently buy merchandise with credit cards, and even steal a person�s identity. Employers must be doubly concerned about the practice of "phishing" because many employees do online shopping from office computers. These crafty messages can install keystroke-logging or Trojan house programs that may put confidential business information.

A few tips to avoid falling victim to "phishing" include:

• Be suspicious of any unsolicited email that asks for financial information. Online businesses should never request your username, password, or account number via email or IM.
  
• Do not use links in an email message to get to any web page. These can be redirected to sites that steal information
  
• Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
  
• Make sure that your web browser and operating system are up to date and all security patches have been installed.
  

These tips and much more helpful information can be found at www.antiphishing.org... . Awareness and caution are really the best defense to keep you safe online this holiday season and the rest of the year.

Related News Links
Tis the season for phishing scams
Phishing, from Wikipedia
Anti Phishing Working Group



[edit on 28-11-2004 by Banshee]

I got hit by two of these - and one I took the bait.

I have a 2checkout account and a paypal account and have had phish attempts at both. Now there was something very phishy about this cause I use about 10 different email address for different things, but the phish emails went to the exaact email address I use in conjuction with the two above accounts... maybe an inside job? Maybe the companies doing it themselves to raise awareness by teaching leasons the hard way?

Anyway I had to go thru the hassle of cancelling a credit card and getting a new one which is a real bitch...

Hey, Spectre, good job. This is something we shold all be made aware of.

The two most commonly phished items appear to come from Citibank and PayPal.

Now, I don't remember EVER using paypal. I got an email TODAY, asking me to update my account. If I didn't it might become invalid.
Now, I clicked on the link *GASP*, the site looked so real. It then asked me for my name and complete addressm, social security number, mother's maiden name....at that point, my vision blurred and I closed the window. Oh, and the address did not have www.paypal.......
I then went to paypal, using google. I couldn't really find the same page there. I submitted the email to their fraud section. We'll see.

Now there is a small chanace this was legit. If I hear aback from them and it is fraud, I will post the phishing email.

Thanks, DToM. I have personally seen quite an increase in the volume of phish-mails that cross our servers. Unfortunately, examples of the messages are all to common. I'll link a couple below. Very sorry to hear about the hassle, webvida. What a pain, but at least you caught it before anything terrible happened. I couldn't guess how they go about harvesting accurate email addresses for accounts; that bears some research.

Paypal Account Phish

CitiBank Phish (with fake website)

Maybe I will do a follow-up post on the 'Togo Version' of the old 'Nigerian 419 scam' of which I see ten copies a day!

* Do not use links in an email message to get to any web page. These can be redirected to sites that steal information.

Wow. I do this all the time. I was unaware of this.

I have a credit card with one of the major companies. I use their website quite often to check balances, etc. All of a sudden, I'm asked to supply all my personal info to them again because they redesigned their website. This info included SS number and the 3 digit code on the back of the card. I called the company and asked if this was legit. Yes, they said.

Forget it, I said. I just won't be using their website anymore. I could not believe that they actually wanted me to re-enter this info over the enet. They obviously already had the info.

Originally posted by Spectre
Thanks, DToM. I have personally seen quite an increase in the volume of phish-mails that cross our servers. Unfortunately, examples of the messages are all to common. I'll link a couple below. Very sorry to hear about the hassle, webvida. What a pain, but at least you caught it before anything terrible happened. I couldn't guess how they go about harvesting accurate email addresses for accounts; that bears some research.

Paypal Account Phish

Yep, basically that is the email I got from "paypal".
In the fraudulent email, the header was obviosly not from paypal.
The really scary thing, when you looked at the login from the real paypal (a link reached from a google search) and the alleged phish link, THE PAGES LOOK IDENTICAL!!!!!!!!!!! The only difference was the address up in the address line of my browser.
I had saved the email to post a weshot of the info they ask for, but much to my surpirse, it now is a link to a site in Russian I guess they have been found out at that site

I am now in the process of changing all my passwords connected with the email addresses I use. You can never be tooo careful IMHO

BEWARE folks!!!