Courtesy of Clark, Perdue, Arnold & Scott
Does this situation sound familiar? You receive an email from your bank telling you that your account information may have been compromised. The only way to solve this problem is by resubmitting your username and password. The bank is also kind enough to provide you with a link to their site. The email looks real, it’s from your bank, and you don’t want anyone getting into your account. So you go ahead and update your information. Although you think you are solving the problem, you have just created a much bigger ordeal.
The truth is, nothing was wrong with your bank account. The person who sent you the email was not your bank, had no affiliation with your bank, and you did not give the information to your bank. Someone just stole your identity. You are a victim of phishing.
Phishing is the latest trend in identity theft. Phishing involves a phony email, like the one described above, designed to trick you into giving sensitive information to a thief. These emails appear to be from an entity with which you have done business. Banks are a common façade, as well as any other businesses that may have your credit card information.
One of the largest phishing scams involved eBay. In 2003, a group of Phishers sent out an email to eBay members. This email said that their accounts needed to be updated and would be suspended within 48 or 72 hours if the user did not take immediate action. The link took the user to site that looked almost exactly like eBay, and required the user to enter their credit card information in order to reactivate their account. It is not exactly known how many users fell for the trick, but millions received the email and gave the information to the phishers.
Phishers are a clever bunch. You need to stay on your toes if you are going to keep yourself from falling victim to an identity theft.
Do not respond to any emails that “require” personal information. This includes banks, merchants, or anyone else looking for credit card information, usernames, logins, or passwords.
Banks and merchants will never ask for this information through an email. If you do receive an email that looks legitimate, call your bank or the merchant and speak to a representative. DO NOT CALL THE NUMBER ON THE EMAIL. This number will most likely be fraudulent and just take you to the phisher. Do not click on the link, either. Even if it the site looks you’re your bank or the merchant, these sites can be very easy to duplicate.
You can also install a firewall to your system, as well as staying up to date on all antivirus software, and software updates. You should also carefully check your credit accounts and banking statements every month to make sure there are no unauthorized transactions.
Besides just preventing phishing from affecting you, you can also help to catch phishers. Whenever you receive a questionable email or someone in need of any information, please report the potentially fraudulent email. You should contact the company that is the email is purportedly from. There are also organizations that seek to catch phishers. The following is a list of just a few of these organizations:
- [email protected]
- Federal Trade Commission at: [email protected] .
- Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/
The law is cracking down on phishers. Last year, an Ohio court sentenced a phisher to 46 months in prison after stealing information from AOL and its users. Another phisher was caught stealing information from PayPal users. One victim lost thousands of dollars from the scam.
Currently, the Anti-Phishing Ac t is still pending before Congress. If the bill is passed, it would criminalizing sending a phishing email, as well as creating fraudulent “phishing” websites. This may not require a showing a damages by the recipient of the email.
Although the law is trying to help you out, the best thing you can do is be careful and be skeptical of any emails requesting information. If you are ever in doubt, contact the bank or merchant directly to see if the email is real.