Phishing scams involve the distribution of "spoofed" email messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers, credit card companies, and other legitimate businesses.
These fraudulent messages are designed to trick the recipients into disclosing personal information such as account usernames, passwords, credit card numbers, social security numbers, and home addresses. Most of these emails look "official," and as a result, recipients often respond to them, resulting in financial losses, identity theft, and other fraudulent activity.
14,191 unique phishing scams were discovered in the month of July 2006 alone.—Anti-Phishing Working Group
Phishers use various social engineering and spoofing techniques to try to trick their victims. Recently, a 17-year-old sent out messages that appeared to be from America Online that said there had been a billing problem with recipients' AOL accounts. The fraudulent email used AOL logos and contained legitimate links.
If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.
In 2003, Floridians reported a combined loss of $25 million to online fraud.—Federal Trade Commission
Phishing is a variation on the word fishing: fishers (and phishers) set out hooks, knowing that although most of their prey won't take the bait, they just might entice some to bite.
In addition to mass mailings, scam artists have started using a more targeted method of phishing called "Spear Phishing." In a spear phishing attack, the only recipients of the email are known members of the bank or institution that the email is targeting.
These email addresses are acquired through a number of means, for example:
What to do:
The FTC warns users to be suspicious of any official-looking email message that asks for updates on personal or financial information and urges recipients to go directly to the website of the company to find out whether the request is legitimate. If you suspect you have been phished, forward the e-mail to email@example.com or call the FTC help line, 1-877-FTC-HELP.
Tips to avoid being hooked:
For more information, and to find archived phishing scams, please visit www.antiphishing.org.