Phight Phraud

Steps to protect against phishing.

ou receive an e-mail that appears to be from your bank. You recognize the logo and the letter format. It’s even signed by the bank officer you deal with. It says there has been a glitch in your account and asks for verification of some information—credit card numbers, passwords and other personal information—which you quickly supply.

Congratulations, you’ve just inadvertently given a crook the key to your bank account. This fraud technique, known as a phishing (pronounced fishing ), is growing in frequency and sophistication. This article will tell you how to guard against it.

A typical phishing sends out millions of fraudulent e-mail messages that appear to come from popular Web sites that most users trust, such as eBay, Citibank, AOL, Microsoft and the FDIC. According to the Federal Trade Commission, about 5% of recipients fall for the scheme and give information away.

Phishers wish to irrationally alarm recipients into providing sensitive information without thinking clearly about the repercussions. Victims might be told someone has stolen their PIN and they must click on the provided link to change the number.

At the linked site, victims see an exact copy of a site they know and trust. They enter their account number and PIN and a return response shows that the site is temporarily down due to maintenance or some other satisfactory-sounding excuse so they will not try to initiate a connection to the real site. It sometimes takes several weeks to realize a crime has been committed. Meanwhile, victims are hooked and the phisher uses the information to purchase goods, apply for new credit cards or steal their identity.

There are several free products that fight phishing by disclosing whether the Web site you contact is legitimate:

Netcraft Toolbar ( ) works in both Internet Explorer and Firefox.

Cloudmark Safety Bar ( ) only supports Internet Explorer. TrustBar ( ) works only in Firefox.

EarthlinkToolbar ( ).

Microsoft also recently announced it is adding antiphishing features to Internet Explorer 6 and subsequent versions. The new phishing filter, which will require Windows XP SP2, will be available shortly in a beta version.


Technology Conference
June 11–14, 2005
Hilton, Austin, Texas

Information Security: Critical Guidance for CPAs in Public Practice and Industry (# 732450JA). (Also available as a public seminar or as on-site training. For more information, visit ).

To order or to register go to or call the Institute at 888-777-7077.

As the use of financial transactions on the Internet becomes more pervasive, con artists will continue to develop new and more sinister ways to trick victims. Here are ways to protect yourself:

As a general rule, never e-mail personal or financial information.

Never respond to requests for personal information in e-mails. Banks, the IRS and legitimate businesses never ask for such information through e-mail. If you are tempted to respond, call the company instead.

If you initiate a transaction that calls for personal or financial information, confirm that the Web site is secure by checking for a lock icon on the browser’s status bar or a URL that begins https (the s stands for secure ) instead of http.

Be aware that phishers are able to forge a security icon only when they initiate an e-mail, which is why you never should reveal information in response to a received e-mail.

Check credit card and bank statements as soon as you receive them for any unauthorized charges. If your statement is late by more than a couple of days, call the company or bank to confirm your billing address and account balances.

Use antivirus software and keep it current. Use a firewall if you have a broadband connection.

Report suspected abuses to the antiphishing network authorities at and to the company that’s being spoofed. If you suspect your personal information has been compromised or stolen, be sure to promptly contact the Federal Trade Commission and the identity theft Web site at .

Phishing is the latest crime of the 21st century. Understanding the techniques and technologies phishers use can help you protect against them.

Steven C. Thompson, CPA, PhD, is the McCoy Professor at Texas State University, San Marcos, and webmaster for the American Taxation Association. His e-mail address is .

Where to find February’s flipbook issue

The Journal of Accountancy is now completely digital. 





Get Clients Ready for Tax Season

This comprehensive report looks at the changes to the child tax credit, earned income tax credit, and child and dependent care credit caused by the expiration of provisions in the American Rescue Plan Act; the ability e-file more returns in the Form 1040 series; automobile mileage deductions; the alternative minimum tax; gift tax exemptions; strategies for accelerating or postponing income and deductions; and retirement and estate planning.