


phishing scams

Are cyber-criminals phishing your identity from your computer?
By Anti Spam League
Phishing
(definition) (FISH.ing) pp. Creating a replica of an existing web page or HTML
email input form to fool a user into submitting personal, financial, or password
data. —adj.
Today phishing seems to be one of the most serious new scams on the Internet.
Now hackers and spamming companies not only bother you with thousands of
unwanted emails each day but also, you might be the victim of a phishing attack!
Phishing refers to the activity by hackers who simulate a legitimate
organization and use e-mails to persuade people to share their personal and
private financial data. No, this is not a bad joke: phishing attacks involve the
mass distribution of "spoofed" email messages with return addresses, links, and
branding which appear to come from well known banks, insurance agencies,
retailers or credit card companies. The result of these scams is that consumers
suffer credit card fraud, identity theft, and financial loss.
So what’s the deal here? Well, for starters, to most Internet users the emails
and web sites are indistinguishable from legitimate business communications.
Secondly, trusted sources reveal that by hijacking the brands of well-known
banks, online retailers and credit card companies, phishers are able to induce
up to 5% of recipients to respond to them. How far can these unscrupulous
companies and individuals get? Farther than most of us would think. Last Nov. 8,
a man in Sydney, Australia, was imprisoned for more than five years for duping
people into sending him millions of dollars in a global Internet ruse known as
the Nigerian scam. He presented himself as someone who needed access to a
Western bank account in order to transfer a large sum of money out of a
politically troubled country. Criminals taking part in the Nigerian scam would
then promise the innocent email recipients a share of the money, but ask for a
smaller upfront cost - in the form of an ‘administration fee’ - before the
larger sum can be transferred. This way they make millions! Although this man
pleaded guilty at the Sydney Court, chances are it will take much more than one
guilty man imprisoned to get this problem under control.
According to APWG’s Phishing Attack Trends Report (July 2004), the most targeted
industry sector for phishing attacks continues to be Financial Services, both
from the perspective of total attacks and the number of companies targeted.
Retail is second, whereas ISPs are third. Citibank seems to be the company whose
brand was hijacked most often by phishers. Some other recent phishing targets
include AOL, Suntrust, Earthlink, Wells Fargo, MBNA, Charlotte's Bank of
America, Paypal, Fleet, Best Buy and eBay.
Although the United States is the top country in terms of the total number of
hosted phishing web sites, other nations engaging in phishing attacks include
Russia, the UK, Mexico and many Asian countries such as South Korea, China and
Taiwan – among others. APWG’s report indicates that approximately 35% of
phishing web sites are hosted on exploited machines, unbeknownst to their
owners. Because they are fake, phishing web sites normally do not have a long
life span. The average life span for both phishing and fraud sites, measured by
how long they continue to respond with content, does not go beyond a week.
Think you are covered because you know what phishing is and you have an idea of
how to handle these attacks? Sit back, because you have not heard it all.
Research indicates that the dramatic increase in the number of fraud-based
websites over the past few months may result not only in identity theft, but
also in the false belief that you have purchased something online when in fact,
you have not! Unlike phishing attacks that hijack the brand of trusted
e-commerce or financial institutions, these web sites are presented as generic
ecommerce sites. How do they operate? Well, users believe they are ordering
legitimate products or applying for a legitimate mortgage when in reality, they
are becoming fraud victims. The most common fraud-based web sites are fake loan
scams, mortgage frauds, online pharmacy frauds, and fake online banking
institutions. In addition to the direct cost of fraud and the enduring effects
of identity theft for consumers, the growth of criminal spam threatens the
integrity and brand of organizations that do business online.
Phishing attacks are growing quickly both in number and sophistication. If you
have been tricked this way, you should assume that you will become a victim of
credit card fraud, bank fraud, or identity theft. Some basic advice on what to
do in this situation if you have given out your credit, debit or ATM card, or
bank account information, is to report the theft of this information to the card
issuer or the bank as quickly as possible. Canceling your account and opening a
new one is advisable in addition to reviewing your billing statements carefully
after the loss.
How can you solve your company’s email problems and keep the right information
flowing? Phishing is one of the most dangerous forms of spam, thus if you are
worried about the problem of phishing, online fraud, and email spoofing, you
should first control the spam in your mailbox and report those who are sending
it. To take an active role in the fight against spam, you can become a member of
the Anti-Spam League for free and learn how to detect and recognize potential
phishing and online fraud threats. Find out how by visiting
www.Anti-Spam-League.org
About the Author
The purpose of the Anti SPAM League is to help consumers and business owners reduce the amount of SPAM they receive. In addition, our Anti SPAM organization believes that educating site owners in the area of SPAM prevention and ways to successfully and responsibly market their sites, is key in making a difference.
Be Aware of Phishing Scams!
By Nowshade Kabir
If you use email actively in your communication, you must have
received various messages claiming to be from eBay, PayPal and
a number of banks. A recent email, seemingly from U.S. Bank
Corporation, that I received contains the subject "U.S. Bank
Fraud Verification Process" and in the body of the mail it says
"We recently reviewed your account, and suspect that your U.S.
Bank Internet Banking account may have been accessed by an
unauthorized third party. Protecting the security of your
account and of the U.S. Bank network is our primary concern.
Therefore, as a preventative measure, we have temporarily
limited access to sensitive account features. To restore your
account access, please take the following steps to ensure that
your account has not been compromised:". It continues with a
link to a webpage, which looks very similar to the original web
page of the bank.
The misleading web site appears authentic with familiar
graphics and logos. The wording is professional right down
to the legal disclaimer at the bottom of the page.
If you happen to hold an account at the named bank, follow
the instructions in the email and enter your account,
PIN, password, etc., you are doomed. You have just handed over
access to your account to a con artist, who, in a matter of
days, will drain off all the money available in that account.
This new scam, which is proliferating at a very rapid pace,
is called "Phishing". Phishing is a form of identity theft,
where a con artist, with the help of an official-looking email
containing a link to phony web pages capable of harvesting
information, tricks an unsuspecting victim into divulging
sensitive personal data. Scammers use these data to bilk
victims out of their savings.
One of the most common phishing campaigns being waged has
targeted users of Web auction giant eBay and its PayPal
division with financial services giant Citibank serving as
another popular target. However, recently, every major bank
has been hit with this scam. Crooks send out huge amounts of
emails with an expectation that some of these email address
owners may have online access to their accounts at the bank.
The term "Phishing" is a variation of the word "Fishing". In
hackers’ lexicon, in many words, "F" becomes "Ph". The term
derives from the fact that scammers use sophisticated bait as
they "fish" for users’ personal information.
According to Gartner, a research firm, illegal access to
checking accounts gained via phishing has become the
fastest-growing type of consumer theft in the United States.
Roughly 1.98 million people reported that their checking
account was breached in one way or another during the last
year and US$2.4 billion was defrauded from the victims!
Gartner also estimated that 57 million U.S. Internet users
have received phishing emails and 3 percent of them may
have been fooled into revealing their sensitive personal
information.
The Anti-Phishing Working Group has also spotted a dramatic
increase in reports of phishing attacks in recent months.
Since November 2003, phishing scams have increased by about 110
percent each month. In April alone, the group identified
1125 unique phishing scams, a sharp rise of 178 percent
from the previous month.
MessageLabs, a company that watches phishing scams closely,
has noted an even more dramatic increase in the number of
phishing emails. It claims to have seen phishing messages jump
from just 279 in September 2003 to a staggering 215,643
in March of 2004.
The scammers have also started to use more sophisticated
technologies in recent months. The latest generation of
phishing scammers uses several methods to trick users,
including pop-up graphics to mask the true web URL of the
phishing site and the installation of spyware and Trojans
on the victim’s computer. The perpetrators also take advantage
of security bugs in web browsers, in which the URL in the
address bar appears to be for one site but is, in fact,
a link to a totally different site.
A new Windows worm under the name "Korgo" is able to
infiltrate a victim’s system with a key-logging Trojan,
steal information that the victim enters in web forms and
secretly transmit it to a designated server. There are a number
of variants of this worm and they are spreading rapidly.
However, Microsoft in April came up with a patch to seal
this glitch. Many computers without the patch are still
vulnerable to this potentially dangerous worm.
A U.S. Treasury report provides consumers with steps to
prevent and report phishing scams:
- Do not respond to or open any e-mail that warns that
an account is about to be closed. Contact the company
directly by phone and inquire about this e-mail.
- Do not submit financial information unless there is a
symbol for a locked padlock on the browser's status bar.
Also look for the https:// at the beginning of the
Web address. If both of these signs are absent,
the Web site is not secure.
- Always review your bank statement and credit card
statements immediately upon receipt.
- Verify the domestic telephone number listed on the Web
site through directory assistance or other reliable
sources and call the number. Many phishing attacks have
originated outside the U.S. and don't have a domestic
number.
- Report suspicious activity, or the fact that you have been
defrauded, to the FTC and the FBI.
- Phishing e-mails can be forwarded to uce@ftc.gov. Complaints
can be filed at www.ftc.gov. Phishing attacks can also be
reported to the Internet Fraud Complaint
Center at www.ifccfbi.gov.
Other cautionary measures you should take in order to protect
yourself are:
- Since most phishing emails come through spam, get
a spam filter and install it on your computer.
- If you suspect a phishing attempt, report it immediately to
the bank. Every bank web site has a link or a toll-free
number to report scams. Don't be ashamed if you were
tricked into divulging account information. If you report
it immediately, your account will be protected until you
receive a new PIN.
- Change your passwords and PINs regularly. Banks advise
that you use separate PINs and passwords for different
accounts; that way, if one gets compromised, your
entire financial life won’t be revealed.
- If you are a frequent user of eBay, download its Web
browser toolbar, a small program that runs with a
user's Web browser. It flashes red when the user visits
a possible spoof site. The toolbar uses a database of
spoof site URLs, submitted by customers and is updated
quite often.
- Check your computer frequently for possible Trojan viruses.
About the Author
Nowshade Kabir is the founder, primary developer and present
CEO of Rusbiz.com. A Ph. D. in Information Technology, he
has wide experience in Business Consulting, International
Trade and Web Marketing. Rusbiz is a Global B2B Emarketplace
with solutions to start and run online business.
You can contact him at mailto: nowshade[at]rusbiz.com
http://ezine.rusbiz.com/newsletters/newsletter33.htm
Cyber Crooks Go Phishing
By Jim Edwards
"Phishing," the latest craze among online evil-doers, has
nothing to do with sitting at the end of a dock on a sunny
afternoon dangling a worm to entice hungry catfish.
But, if you take their bait, this new breed of online con
artist will hook you, reel you in, and take you for every
dollar you have... or worse.
"Phishing" describes a combination of techniques used by
cyber crooks to bait people into giving up sensitive
personal data such as credit card numbers, social security
numbers, bank account numbers, dates of birth and more.
Their techniques work so well that, according to
www.FraudWatchInternational.com , "phishing" rates as the
fastest growing scam on the Internet.
Here's the basic pattern for a "phishing" scam...
You receive a very official email that appears to originate
from a legitimate source, such as a bank, eBay, PayPal,
a major retailer, or some other well known entity.
In the email it tells you that something bad is about to
happen unless you act quickly.
Typically it tells you that your account is about to get
closed, that someone appears to have stolen your identity,
or even that someone opened a fraudulent account using your
name.
In order to help straighten everything out, you need to
click a link in the email and provide some basic account
information so they can verify your identity and then give
you additional details so you can help get everything
cleared up.
Once you give up your information... it's all over but the
crying!
After getting your information, these cyber-bandits can
empty your bank accounts, deplete your PayPal accounts, run
up your credit card balances, open new credit accounts,
assume your identity and much worse.
An especially disturbing new variation of this scam
specifically targets online business owners and affiliate
marketers.
In this con, the scammer's email informs you that they've
just sent $1,219.43 (or a similar big but believable
amount) in affiliate commissions to you via PayPal.
They need you to log into your PayPal account to verify
receipt of the money and then email them back to confirm
you got it.
Since you're so excited at the possibility of an unexpected
pay day, you click the link to go to PayPal, log in, and
BANG! They have your PayPal login information and can empty
your account.
This new "phishing" style scam works extremely well for 2
basic reasons.
First, by exploiting your sense of urgency created by fear
or greed, crooks get you to click the link and give them
your information without thinking.
Second, the scammers use a variety of cloaking and spoofing
techniques to make their emails and websites appear totally
legitimate, making it extremely hard to spot a fake website,
especially when they've first whipped you into an emotional
frenzy.
The good news, however, is that you can protect yourself
relatively easily against this type of cyber-crime with
basic software and common sense.
Most of these scams get delivered to you via Spam
(unsolicited email), so a good spam blocker will cut down
on many of them even making it to your inbox.
If you receive an email that looks legitimate and you want
to respond, Stop - Wait - Think!
Verify all phone numbers with a physical phone book or
online phone directory like www.Verizon.com or
www.ATT.com/directory/ before calling.
Look for spelling and grammatical errors that make it look
like someone who doesn't speak English or your native
language very well wrote it.
Never click the link provided in the email, but go directly
to the website by typing in the main address of the site
yourself (example: www.paypal.com or www.ebay.com).
Forward the email to the main email address of the website
(example: support@paypal.com) or call the customer service
number on the main website you typed in yourself and ask if
it is in fact legitimate.
Above all remember this:
Your bank, credit card company, PayPal, eBay and anyone
else you deal with online already knows your account
number, username, password or any other account specific
information.
They don't need to email you for ANY reason to ask you to
confirm your information -- so NEVER respond to email
requests for your account or personal details.
About the Author
Jim Edwards is a syndicated newspaper columnist and the
co-author of an amazing new ebook that will teach you how
to use free articles to quickly drive thousands of targeted
visitors to your website or affiliate links... http://www.TurnWordsIntoTraffic.com
© 2005-2006 Real Deal Income. ALL RIGHTS RESERVED