Gone Phishing


by Joe Mayer

More and more people have been losing their money, and even their identity, on the internet. One of the primary causes of these losses is phishing. Phishing is an internet-based attack used to try to steal personal information for monetary gain. To put it more simply, phishing is the modern, computer-based equivalent of a con game.

A typical phishing attack begins with an e-mail. The message will appear to be from a bank or some other organization with which you might have financial dealings. Common targets include eBay; PayPal; numerous internet service providers including AOL, MSN and Earthlink; and almost every major bank and a number of smaller banks. The message usually indicates that there is a problem with your account or with your payment. Sometimes the message will simply ask you to verify the details of your account. The messages that are sent often look very realistic. They use the actual logo for the institution that is being targeted. Often, there are tell-tale signs in the poor grammar or spelling, but even these are becoming less common as the criminals attempting to steal your money get more sophisticated. There is usually a link for you to click in order to update your information. That link will take you to a website that looks very much like your financial organization’s site. When you fill out the information requested, however, the account numbers, passwords, or other information you are entering is actually going to someone who is going to use them to steal your money or your identity.

What can you do to avoid becoming a victim of phishing schemes? All phishing schemes can be detected with some knowledge and a healthy dose of paranoia. You just need to know where to look for the flaws in the picture.

The first thing to look for is obvious: Do you have an account there? Even if you have an account with a bank, if you have not registered with their online service or selected an option to get statements or notices electronically, you won’t receive e-mail from them. Most phishers are not going to check to see if every one of their proposed victims actually has an account with the target bank. They just send out the message to every e-mail address they can get their hands on. This means that I get phishing attempts from AOL, MSN, Regions Bank, Chase Manhattan, and many others, even though I have never done business with those organizations. If you get a mail like that, don’t even open it. Just delete it.

Checking the internet headers of a message will often give you notice that you are not looking at a real e-mail from your bank. If you are running Outlook or Outlook Express, you can right click on any message in your inbox and select the properties in the menu that pops up. In Outlook, you can see the internet headers in the bottom part of the properties window that opens. In Outlook Express, you need to select the details tab in the popup window to see all the headers. When looking at the internet headers, you can ignore most of the lines except the “Received” and “To” lines. In the “To” line, simply check to see if the message was sent only to you, or to you and several other people. If it was sent to a group of people, it’s almost certainly an attempt at tricking you. After all, no bank is going to send out a message indicating that your account is being closed to multiple people at the same time. Each person would get one message addressed only to them.

The “Received” line in the internet header is a bit more complex. This line is the path traced by the e-mail before it got to you. While it may be a bit difficult to figure out what it means, it can definitely be one of the best ways to see if the mail is legitimate. Just look for mismatches. If the e-mail claimed that it was from eBay, for example, the received line should indicate that your internet service provider (ISP) received the message from someserver.ebay.com. If, instead, the received line says that the message was received by your ISP from mail.aol.com or mx2022.mail.ru, you can be pretty sure it’s someone trying to steal your money.
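The two header checks described above (more than one address on the "To" line, and a "Received" host that does not match the claimed sender) can be automated. The following Python is an added example, not part of the original article; the sample message, the function names and the two-label domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not a real e-mail): it claims to be from eBay,
# but the Received line added by the recipient's ISP names a different host.
SAMPLE = """\
Received: from mx2022.mail.ru (mx2022.mail.ru [192.0.2.10])
\tby mx.isp.example with ESMTP; Mon, 11 Apr 2005 09:12:01 -0500
Received: from localhost (unknown [198.51.100.7])
\tby mx2022.mail.ru with SMTP; Mon, 11 Apr 2005 09:11:58 -0500
From: "eBay Billing" <billing@ebay.com>
To: alice@example.net, bob@example.net, carol@example.net
Subject: Your account will be closed

Please verify your account details.
"""

def org_domain(host):
    """Assumption: the last two labels identify the organization
    (too coarse for suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_headers(raw):
    """Return a list of reasons the message looks suspicious."""
    msg = message_from_string(raw)
    findings = []
    # "To" check: an account notice should be addressed to one person.
    recipients = getaddresses(msg.get_all("To", []))
    if len(recipients) > 1:
        findings.append(f"sent to {len(recipients)} recipients")
    # "Received" check: the topmost line is the one your own ISP added,
    # so its "from" host is the server that handed the message over.
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    received = msg.get_all("Received", [])
    m = re.match(r"\s*from\s+([\w.-]+)", received[0]) if received else None
    if m and claimed and org_domain(m.group(1)) != org_domain(claimed):
        findings.append(f"claims {claimed} but relayed by {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE):
        print("suspicious:", finding)
```

The host name after `from` is what the sending server announced about itself, so this check flags mismatches, but a matching name does not prove the mail is genuine.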

If you are uncertain after looking at the properties of the e-mail, log directly into the organization’s web site. Do NOT click on the links in the e-mail. If you have an account with the organization in question, they will almost certainly have some way of notifying you on their website that there is some problem with your account. All of the credit card companies I have seen, for instance, have a mail system on their website. You log in and click the little envelope icon or “Message Center” or the equivalent on their page. If you have a problem with your account, they will send you a message on their site. The only message you might get via regular e-mail is one asking you to check your messages on their website. If you are able to log in to the website, and you have no messages waiting for you, just delete the original e-mail.

If you are still concerned, call the organization in question. If you call your bank and explain to them that you got an e-mail indicating that your account would be closed, they will certainly be able to tell you if it is true or not.

Keep track of issues like credit card expiration dates. I received a number of e-mails a week or so ago indicating that my credit card had expired. Sure enough, looking at my bank debit card, it expired at the end of March. I logged in to the accounts in question, updated the date, and all was good.

So even though there are a lot of criminals dropping lines in the water, a healthy dose of skepticism and a bit of looking into the details of the e-mails that you are sent will help keep you from taking the bait hook, line and sinker.


Created on ... April 10, 2005

Last Updated March 2, 2006