Government Technology

Personal Computing: Phishing Away Your Identity

October 18, 2007 By

You know not to do it. You don't respond to those e-mails asking you to update your Social Security number or credit card, bank, or other financial information or verify your password at eBay, PayPal, or other e-commerce Web sites.

You don't because you know that chances are high that this is a criminal attempt to steal your identity and your money, and you'd then be left spending many tedious hours trying to straighten out the mess afterward.

Among the latest phishing attacks are e-mails that appear to come from the Internal Revenue Service trying to trick you into revealing the bank you do business with. The criminals then send an e-mail that appears to come from that bank, asking you to log onto the bank's Web site. Only the Web site you're directed to only looks like your bank's. It's actually a bogus site put up by the criminals to get your account data so they can log onto your bank's real site and clean you out.

People still get suckered into these "phishing" scams, with the Anti-Phishing Working Group receiving an average of about 25,000 reports of such attacks each month. Many people think of cybercriminals operating abroad, away from the reaches of American law enforcement, and many do. But the country hosting the greatest number of phishing Web sites is the U.S., according to the group. The average time that these sites stay up is about four days -- long enough to do their dirty work.

Phishing originated with America Online back in the mid-1990s with teenage tricksters enticing naive users into revealing their password to "verify your account" or "confirm billing information." It later evolved into a more nefarious mode, involving credit cards and other financial information, but with the same kinds of pitches being used. By 2004 it was a full-scale crisis. It still is.

Among the other techniques used by phishers are addressing victims using their real names, sending e-mail that appears to come from a trusted friend or co-worker, using a Web address for the phishing site that's very close to that of the real site, featuring images at the phishing site that were stolen from the real site, using links at the phishing site that connect to the real site, and employing scripts at the phishing site that place a picture of the real Web address over the address bar.

Protecting your self against phishing isn't difficult, and new software provides extra protection.

Never click on a link in an e-mail message asking you to verify any personal or financial information via the Web. No legitimate company or government agency should ask you to do this. If you think it may be legitimate, phone the company and ask if such e-mail went out.

Be careful, though, of e-mails asking you to phone your bank or credit card company to verify information. The phone number may be bogus, directing you to the criminals, who will then try to steal your information. Look up the phone number yourself.

Be wary of any links in e-mail messages. Verify that the Web address that the link will take you to is the same address it indicates. Phishers often use the correct Web address as the name of the link but code the link to take you to the bogus address. Be especially wary of Web addresses that include the @ symbol or e-mail messages that ask you to click on an image.

Be careful when typing Web addresses into your browser so a typo doesn't land you at a phishing site by mistake. Using a bookmark or favorite link will prevent this.

Use the latest versions of Microsoft Internet Explorer, Mozilla Firefox

| More


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Fresh Ideas In Online Security for Public Safety Organizations
Lesley Carhart, Senior Information Security Specialist at Motorola Solutions, knows that online and computer security are more challenging than ever. Personal smartphones, removable devices like USB storage drives, and social media have a significant impact on security. In “Fresh Ideas in Online Security for Public Safely Organizations,” Lesley provides recommendations to improve your online security against threats from social networks, removable devices, weak passwords and digital photos.
Meeting Constituents Where They Are With Dynamic, Real-Time Mobile Engagement
Leveraging the proven and open Kofax Mobile Capture Platform, organizations can rapidly integrate powerful mobile engagement solutions across the spectrum of mobile image capture, mobile data capture and complete mobile process integration. Kofax differentiates itself by extending capture to mobility, supporting multiple points of constituent engagement. Kofax solutions dynamically orchestrate the user’s mobile experience from a single platform—reducing time to market, improving process perf
Public Safety 2019
Motorola conducted an industry survey on the latest trends in public safety communications. The results provide an outlook of what technology is in store for your agency in the next five years. Download the results to gain this valuable insight.
View All

Featured Papers