"Phishing," the latest craze among online evil-doers, has nothing to do with sitting at the end of a dock on a sunny afternoon dangling a worm to entice hungry catfish. But, if you take their bait, this new breed of online con artist will hook you, reel you in, and take you for every dollar you have... or worse. "Phishing" describes a combination of techniques used by cyber crooks to bait people into giving up sensitive personal data such as credit card numbers, social security numbers, bank account numbers, dates of birth and more. Their techniques work so well that, according to FraudWatchInternational.com, "phishing" rates as the fastest growing scam on the Internet. Here's the basic pattern for a "phishing" scam... You receive a very official email that appears to originate from a legitimate source, such as a bank, eBay, PayPal, a major retailer, or some other well known entity. In the email it tells you that something bad is about to happen unless you act quickly. Typically it tells you that your account is about to get closed, that someone appears to have stolen your identity, or even that someone opened a fraudulent account using your name. In order to help straighten everything out, you need to click a link in the email and provide some basic account information so they can verify your identity and then give you additional details so you can help get everything cleared up. Once you give up your information... it's all over but the crying! After getting your information, these cyber-bandits can empty your bank accounts, deplete your PayPal accounts, run up your credit card balances, open new credit accounts, assume your identity and much worse. An especially disturbing new variation of this scam specifically targets online business owners and affiliate marketers. In this con, the scammer's email informs you that they've just sent $1,219.43 (or a similar big but believable amount) in affiliate commissions to you via PayPal. They need you to log into your PayPal account to verify receipt of the money and then email them back to confirm you got it. Since you're so excited at the possibility of an unexpected pay day, you click the link to go to PayPal, log in, and BANG! They have your PayPal login information and can empty your account. This new "phishing" style scam works extremely well for 2 basic reasons. First, by exploiting your sense of urgency created by fear or greed, crooks get you to click the link and give them your information without thinking. Second, the scammers use a variety of cloaking and spoofing techniques to make their emails and websites appear totally legitimate, making it extremely hard to spot a fake website, especially when they've first whipped you into an emotional frenzy. The good news, however, is that you can protect yourself relatively easily against this type of cyber-crime with basic software and common sense. Most of these scams get delivered to you via Spam (unsolicited email), so a good spam blocker will cut down on many of them even making it to your inbox. If you receive an email that looks legitimate and you want to respond, Stop - Wait - Think! Verify all phone numbers with a physical phone book or online phone directory like www.Verizon.com or www.ATT.com/directory/ before calling. Look for spelling and grammatical errors that make it look like someone who doesn't speak English or your native language very well wrote it. Never click the link provided in the email, but go directly to the website by typing in the main address of the site yourself (example: www.paypal.com or www.ebay.com). Forward the email to the main email address of the website (example: support@paypal.com) or call the customer service number on the main website you typed in yourself and ask if it is in fact legitimate. Above all remember this: Your bank, credit card company, PayPal, eBay and anyone else you deal with online already knows your account number, username, password or any other account specific information. They don't need to email you for ANY reason to ask you to confirm your information -- so NEVER respond to email requests for your account or personal details. |
