| A phishing scam is the process of attempting to get | | | | debt. If phishers can obtain your name, date of birth |
| sensitive information such as credit card details, | | | | and an address [some of which can be obtained from |
| usernames, passwords and social security numbers by | | | | public records] they can open bank accounts, business |
| pretending to be a trustworthy organisation. | | | | accounts and credit cards with which to commit fraud. |
| Phishing e-mail messages can take a number of | | | | In 2007 phishing attacks in the United States involved |
| forms. They might appear to come from your online | | | | 3.6 million adults who lost US $ 3.2 billion in the 12 |
| bank or financial institution, auction sites such as eBay, | | | | months ending in August 2007. |
| online payment processors such as PayPal, a | | | | How to Avoid a Phishing Scam. |
| company you regularly do business with, or from your | | | | Be suspicious of any emails with urgent requests for |
| social networking site such as YouTube, Facebook or | | | | personal or financial information, especially if they have |
| MySpace. | | | | exciting or upsetting information designed to get you to |
| Phishing scams are usually carried out by email or | | | | respond urgently. |
| instant messaging, and direct you to a fake website | | | | Don't reply to email or pop-up messages that ask for |
| where you enter personal details. The fake website | | | | personal or financial information, and don't lick on links in |
| will look similar or identical to the legitimate website. | | | | the message. Don't cut and paste a link from the |
| In order to trick you into revealing your personal details, | | | | message into your Web browser because phishers |
| the message might include phrases like "confirm billing | | | | can make links look like they go one place, but that |
| information" or"verify your account" or "update your | | | | actually send you to a different site. |
| credit card information" or "If you don't respond within | | | | Always ensure that you are using a secure website |
| 48 hours your account will be closed". | | | | when submitting credit card or other sensitive |
| These are examples of messages you may receive: | | | | information via your web browser. |
| "We suspect an unauthorized transaction on your | | | | Phishers are now able to forge both the https:// that |
| account. To ensure that your account is not | | | | you normally see when you are on a secure Web |
| compromised, please click the link below and confirm | | | | server and also a legitimate looking address. Make |
| your identity." "During our regular verification of | | | | sure you enter the address of any banking, shopping, |
| accounts, we couldn't verify your information. Please | | | | or financial transaction website yourself and don't use |
| click here to update and verify your information." The | | | | displayed links. |
| messages convey a sense of urgency so that you will | | | | Phishers can also forge the yellow lock you would |
| respond immediately without thinking. | | | | normally see near the bottom of your screen on a |
| The message might even claim that your quick | | | | secure site. The lock used to be an indicator of a 'safe' |
| response is required because your account has been | | | | site. When the lock is double-clicked, it displays the |
| compromised. The messages direct you to a website | | | | security certificate for the site. If you get any warnings |
| that looks just like a legitimate organization's site, | | | | that the address of the site you have displayed does |
| however it's a fake site whose sole purpose is to trick | | | | not match the certificate, don't proceed. |
| you into giving your personal information so the | | | | Some phishers send an email that appears to be from |
| operators can steal your identity and run up bills or | | | | a legitimate business and ask you to call a phone |
| commit crimes in your name. | | | | number to update your account or access a "refund." |
| Social networking sites are now a prime target of | | | | Because they use Voice over Internet Protocol |
| phishing, since the personal details in such sites can be | | | | technology, the area code you call does not reflect |
| used in identity theft. Experiments show a success | | | | where the phishers really are. If you need to reach an |
| rate of over 70% for phishing attacks on social | | | | organization you do business with, call the number on |
| networks. | | | | your financial statements or on the back of your credit |
| A phishing scam that is very targeted is called spear | | | | card. |
| phishing. Some recent phishing attacks have been | | | | Use anti-virus and anti-spyware software, as well as a |
| directed specifically at senior executives within | | | | firewall, and update them all regularly. |
| businesses, and the term whaling has been coined for | | | | Review credit card and bank account statements as |
| these kinds of attacks. | | | | soon as you receive them so you can check for |
| This type of credit card scam may result in denial of | | | | unauthorized charges. |
| access to email, loss of credit, lost access to accounts, | | | | The main thing phishing e-mail messages have in |
| or severe financial loss. | | | | common is that they ask for personal data, or direct |
| If phishers can gain access to username and | | | | you to Web sites or phone numbers to call where |
| passwords, they can lock you out of your accounts, | | | | they ask you to provide personal data. |
| and drain accounts of any money and also run up | | | | |