www.PathfinderNetworks.com

Phishing for your wallet (not walleye)

By Parrish Reinoehl, Pathfinder Networks

March 2005

Computer criminals are always on the hunt for new ways to steal your valuable identity.  Identity theft has been a much publicized topic as of late- all with very good reason.  Just imagine having not just your credit card information stolen but also your bank accounts, investment savings, and even the information needed to open new credit card accounts- all to be used at the whim of a criminal in some far flung location.  The results can easily go well beyond those of immediate financial losses.  Damage to your credit history can be even more disastrous and difficult to recover from.

Phishing (pronounced “fishing”) is not the enjoyable leisure activity many of us are familiar with.  As the peculiar spelling of its name implies, this is a computer hackers tool- a tool you definitely do not want to fall victim of.  Phishing is the term used to describe scams that use spoofed (or fake) e-mails, popups, and websites that can mimic the exact appearance of trusted banks, online retailers, and credit card companies.  These emails or websites are designed to trick you into revealing your financial information such as bank account numbers, account usernames and passwords, PIN numbers, credit card numbers, social security numbers, and so on.

It is very easy for a computer criminal to create a webpage or email that looks exactly the same as your bank or credit card company’s home page.  These fake sites or emails can contain the exact images, logos, wording, even URL’s that you would find at the real site.   Citi Bank has been a site these criminals enjoy “spoofing”, but many other financial and online retailers, such as Ebay and PayPal, have been copied as well. 

The scam works like this: you’ll receive an email that appears to come from your financial institution, for example, that says your bank’s computer had some problems and they lost all of your personal data. It then asks you to go to a website to re-enter or verify that information. These emails also seem urgent at times. They may say that your account will be closed within 24 hours if they don’t get the information they ask for. These emails can appear to come from your bank, ISP, credit card company, online store, etc.  Remember, these emails and webpages look exactly as what you would expect to find from the real company.  In reality, however, all the information you enter on the page (be it a Social Security number, drivers license, credit card information, etc) is all being retrieved by the computer criminal.

This type of crime is growing incredibly fast.  It is highly likely that anyone with an email account has received at least one of these “spoofed” emails.  According to the Anti-Phishing Working Group (APWG), these types of scams increased by 180 percent between April and May 2004 (just one month!).

According to Panda Software there are steps you should be taking to protect your identity while online.  These include:

• Do not reply or click the link in an email that looks suspect. Legitimate institutions and companies don’t ask for that kind of information online. They know it’s not safe.
• If you think the email or website looks genuine, call the institution and verify it. Don’t call a number given in the email message; call one you have used before or that is found on your monthly statement.
• If you want to give personal information to someone, like your bank account number, don’t send it through email. It’s not secure.
• If you sign up for or buy something on line and have to give personal information, make sure the site is secure. Ensure the URL starts with https (the ”s” stands for secure) and that you see a small gold lock in the bottom right-hand corner of your web browser.
• Make sure you watch your credit card and bank statements so you can ensure all is okay and possibly catch fraudulent transactions quickly.  If you find a transaction that you suspect, contact all of your financial institutions immediately.
• Be careful when opening email attachments. Make sure you know who it’s from and that you are expecting the file.  You should never open an attachment that you are not expecting.
• Be a skeptic when it comes to what you view or read online.  Don’t believe everything you get via email.
• Last, but not least, use antivirus software and make sure it is updated frequently and automatically. Phishing emails can often contain viruses and other malicious software that cannot only endanger your documents and programs - but can also act in many ways to help cyber criminals steal your personal information.

About the Author:

Parrish Reinoehl is President of Pathfinder Networks; a Niles based technology consulting firm specializing in providing affordable computer services to small businesses and home users including networks, PC support, sales, and service.  Pathfinder Networks can be reached at 269-684-7696 or via email at parrish@pathfindernetworks.us

Pathfinder Networks website is http://www.PathfinderNetworks.us

Visit our retail location at 1920 S. 11^th St., Niles, MI (in Belle Plaza).  We now sell Dish Network Satellite television and Sirius Satellite Radio!

© Pathfinder Networks, LLC