Thom's Technical Angle
Friday, 11 May 2007
Don't Be A Phish: Protect Yourself From Phishing Attacks
Author: Dan Riffle
Article:
One of the main parts of an effective identity theft protection
system is to simply be aware of what information you are giving
out and to whom you are giving it. This may seem obvious, but
today's technology makes it a little more difficult, especially
as more and more consumers move to the internet to pay bills,
apply for loans, manage accounts, etc.
Identity thieves have taken the internet by storm. One of
their favorite tactics is phishing. Phishers lurk in
the dark hallways of the internet trying to acquire your most
sensitive information (usernames, passwords, credit card
numbers) by sending you emails posing as your friendly
neighborhood financial institution.
A Very Brief History of Phishing
It has been said that phishing got its start on - shocking! -
AOL. A phisher would compose an elaborate email appearing to
come from AOL itself and request that the recipient verify their
password and/or billing information because something was
supposedly wrong with their account. Once the phisher had the
information, they would access the account and use it for
nefarious purposes, typically to spam even more people with
additional phishing emails.
AOL went on the attack in 1997 to shut down phishing activity.
The company was fairly successful, but to no avail. Phishers
just moved on to bigger phish, so to speak. They began using the
credit card information they received from phished AOL accounts
to attack payment systems of large financial institutions.
How Phishing Works - A Brief Primer
There are two basic steps to a phishing scam:
* A manipulated link
* A phony (or "spoofed") website
Link Manipulation
The victim receives an email from a financial institution
claiming there's a problem with their account and they need to
log in to fix it. This email is sent out to thousands of email
addresses at the same time. Only a few will actually have accounts
with the financial institution being spoofed and only a few of
those will act on the request. However, all it takes is one...
The victim clicks on a link that leads them to a spoofed
website. The link might be buried in an anchor link, such as:
HTML Code: <a href="http://www.fakebank.com">Link to Real Bank</a>
How it would appear: Link to Real Bank (Of course, the above
would be clickable in your email program)
The above, based on the text link, appears to be going to the
real bank, but the actual link goes to the spoofed website.
Another way to manipulate the link is to register a domain that
visually appears similar to the domain of the real company:
Real Company website: www.financialinstitution.com
Spoofed website: www.financia1institution.com
Did you catch it? The L in "financial" has been replaced with a
1. The casual observer, already concerned about their account,
may not notice the difference. They click on the link and now
they're in a world of hurt because they just went to a...
Spoofed Website
The website they end up at has been developed to look exactly
like the real one. The identity theft victim logs in with
their username and password and simply gets some kind of error
message, something like, "The Site is Down for Maintenance" or
"Cannot Connect to Server. Please Try Again Later." The website
logs the account information, forwards it to the identity thief
and he or she is off to Bermuda on your dime.
Obviously, this scam can be much more elaborate than what is
detailed above, but that's phishing in a nutshell.
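Both link manipulations described above can be checked mechanically. The following is an added example, not part of the original article: it reads the anchors in an email body and reports where each link really goes. The TRUSTED list, the digit-swap table and the sample HTML are assumptions made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of domains the recipient really uses (exact match only).
TRUSTED = {"financialinstitution.com"}
# Common digit-for-letter swaps in lookalike domains (not exhaustive).
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

def host_of(text):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    text = text.strip().lower()
    if "://" not in text:
        text = "http://" + text
    host = urlparse(text).hostname or ""
    return host[4:] if host.startswith("www.") else host

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify_links(html):
    """Return (visible text, real host, verdict) for each link."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    results = []
    for href, text in parser.links:
        target = host_of(href)
        # Only treat the visible text as a domain if it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        unswapped = target.translate(CONFUSABLE)
        if shown and shown != target:
            verdict = "mismatch"      # text names one site, link goes to another
        elif target in TRUSTED:
            verdict = "trusted"
        elif unswapped in TRUSTED:
            verdict = "lookalike of " + unswapped
        else:
            verdict = "unknown"       # real destination is not a known site
        results.append((text, target, verdict))
    return results
```

A link whose text is a plain phrase, like "Link to Real Bank", can only be judged by its real host, which is why the function always returns it.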
How to Protect Your Identity from Phishers
Tip #1: The easiest way to protect yourself from these scams is to
ignore them. Trust me, if there's something wrong with your
account, your bank or credit card company will contact you by
phone.
If you think that the email you received could be valid, do not
use the links in the email to follow up. Open a new browser
window and manually type in the website address. Better yet -
CALL them from the phone number on your statement or the back of
your credit card. Never use the phone number in the email.
Tip #2: Be on the lookout for identifiers in the email. Do they
refer to you by name? Did they include a partial account number?
Such information might indicate that the email is real. However,
always err on the side of caution. Identity thieves may have
found out your name or partial account number by some other
means and are trying to catch you off guard. Don't let it happen.
Tip #3: Use your spam filter. A good spam filter should catch
most phishing attempts. Should.
Awareness = Protection
As with all identity theft topics, keeping your eyes wide and
your brain active is your best defense against phishing scams.
Pay attention to what you're reading and what links you're
clicking. Quickly scan your email before clicking on anything.
If something catches your eye, give it a second glance. If it
seems out of place, hit delete. It's as simple as that.
About the author:
Dan Riffle is an MBA with over ten years of lending experience.
As a prior identity theft victim, he writes extensively
(http://www.identitytheftinsider.com/identity-theft-risks/what-do-thieves-do-with-a-stolen-identity/)
about identity theft at Identity Theft Insider
(http://www.identitytheftinsider.com), a free resource of
valuable identity theft prevention information.



Posted by or3/bearcave at 3:14 PM PDT