You receive an e-mail that appears to be from your
bank. You recognize the logo and the letter format. It’s even signed
by the bank officer you deal with. It says there has been a glitch in
your account and asks for verification of some information—credit card
numbers, passwords and other personal information—which you quickly
supply.
Congratulations, you’ve just inadvertently given a crook the key to your bank account. This fraud technique, known as phishing (pronounced fishing), is growing in frequency and sophistication. This article will tell you how to guard against it.
HOW IT WORKS
A typical phishing scheme sends out millions of fraudulent e-mail
messages that appear to come from popular Web sites that most users
trust, such as eBay, Citibank, AOL, Microsoft and the FDIC. According
to the Federal Trade Commission, about 5% of recipients fall for the
scheme and give information away.
Phishers try to alarm recipients into providing sensitive information without thinking clearly about the repercussions. Victims might be told someone has stolen their PIN and they must click on the provided link to change the number.
At the linked site, victims see an exact copy of a site they know and trust. They enter their account number and PIN, and the response says the site is temporarily down for maintenance, or gives some other satisfactory-sounding excuse, so they will not try to connect to the real site. It sometimes takes several weeks to realize a crime has been committed. Meanwhile, victims are hooked and the phisher uses the information to purchase goods, apply for new credit cards or steal their identity.
There are several free products that fight phishing by disclosing whether the Web site you contact is legitimate:
Netcraft Toolbar (http://toolbar.netcraft.com) works in both Internet Explorer and Firefox.
Cloudmark Safety Bar (www.cloudmark.com/products/safetybar) only supports Internet Explorer.
Mozdev.org TrustBar (http://trustbar.mozdev.org) works only in Firefox.
EarthLink Toolbar (www.earthlink.com/software/free/toolbar).
Microsoft also recently announced it is adding antiphishing features to Internet Explorer 6 and subsequent versions. The new phishing filter, which will require Windows XP SP2, will be available shortly in a beta version.
PROTECTION TIPS
As the use of financial transactions on the Internet becomes
more pervasive, con artists will continue to develop new and more
sinister ways to trick victims. Here are ways to protect yourself:
As a general rule, never e-mail personal or financial information.
Never respond to requests for personal information in e-mails. Banks, the IRS and legitimate businesses never ask for such information through e-mail. If you are tempted to respond, call the company instead.
If you initiate a transaction that calls for personal or financial information, confirm that the Web site is secure by checking for a lock icon on the browser’s status bar or a URL that begins https (the s stands for secure) instead of http.
Be aware that phishers are able to forge a security icon only when they initiate an e-mail, which is why you never should reveal information in response to a received e-mail.
Check credit card and bank statements as soon as you receive them for any unauthorized charges. If your statement is late by more than a couple of days, call the company or bank to confirm your billing address and account balances.
Use antivirus software and keep it current. Use a firewall if you have a broadband connection.
Report suspected abuses to the antiphishing network authorities at reportphishing@antiphishing.org and to the company that’s being spoofed. If you suspect your personal information has been compromised or stolen, be sure to promptly contact the Federal Trade Commission and the identity theft Web site at www.consumer.gov/idtheft.
Phishing is the latest crime of the 21st century. Understanding the
techniques and technologies phishers use can help you protect against
them.
Steven C. Thompson, CPA, PhD, is the McCoy Professor at Texas State University, San Marcos, and webmaster for the American Taxation Association. His e-mail address is taxman@txstate.edu.