See How Much Money We Can Save You!
How Phishing Works (And How to Avoid It)
Identity theft is something most people think will never happen to them. However, this type of crime is steadily growing and is wreaking havoc on credit and banking industries. In the last five years, the Federal Trade Commission (FTC) estimates more than 27 million American adults have been victimized by identity theft criminals.*
During January to December 2003, Internet related fraud accounted for 55% of all identity theft complaints.**
What is Phishing?
Phishing is a general term for criminals that use online technology (emails and websites) to “mask” themselves as legitimate businesses, financial institutions, and/or government agencies, giving consumers enough comfort level to disclose bank accounts, credit card information, or other personal data (social security numbers, usernames and passwords). These criminals, known as phishers, then steal your identity to make unauthorized purchases, open new credit accounts, and/or spread computer viruses. Incidents of this type of identity theft are getting worse. During the first quarter of 2004, law enforcement authorities, businesses and consumers saw a significant increase in the use of phishing.
How Do Phishers Trick Consumers into Giving Their Personal Data?
Phisher will create a phishing email that on the surface will appear to come from a legitimate business, financial institution, or government agency. Then the identity thief will spam (mass email) thousands of consumers’ email addresses. What these criminals count on is that some of these targeted consumers have existing relationships with the legitimate entity.
What do these phishing emails look like? These criminals are very clever, oftentimes cutting and pasting the logos, content and company information from the legitimate entity into the email. The phisher will insert false statements to create a sense of urgency with a corresponding link so the consumer can go and “fix” the problem. Here are some of the false statements identity thieves are using:***
- “Our company has decided to test for free the security of the email services that you use…Hoping you have understood that we are doing all these for your own safety…we suggest you access the following form.”
- “…we have detected a slight error in your information…update and verify your information by clicking the link below…if your account information is not updated within 48 hours then your ability to use your [company] account will be restricted.”
- “During our regular update and verification of the [type of account], we could not verify your current information…as a result your access to use our services has been limited…To update your account information and start using our services please click on the link below”
If the consumer clicks on the link in the phishing email, it will take them to a dummy website where consumers are encouraged to fill out a form, putting bank accounts, credit card information, or other personal data into the hands of the identity thief. This fake website can look exactly like the legitimate business, financial institution, or government agency they’re mimicking. The phisher will put logos, content and company information from the legitimate entity into the dummy website.
The clever identity thieves use technology to expose browser vulnerabilities and mask the URL (Uniform Resource Locator) to resemble the domain of the legitimate company.
How to Protect Yourself From Identity Theft
There are many ways consumers can protect themselves from phishing and other types of identity theft. The Department of Justice recommends that consumers use three basic rules when dealing with questionable emails and websites: Stop, Look and Call.****
- Stop – Phishers include false statements to deliberately upset or excite you. The identity theft is counting on the fact that you will react to the email on impulse, click on the link and give them your personal data. Resist your impulse to click and take the time to examine the email more closely.
- Look – Examine the email and take a moment to consider if the contents make sense. Be suspicious of any email encouraging you to give out your bank accounts, credit card information, or other personal data.
- Call – If you think the email may be legitimate, take the time to look up the company’s phone number and call to verify the email’s contents. Do not call the phone number in the email because it may be false. Instead, call the toll-free customer service number on the back of the card or your account statement.
Additionally, you should sign up for a credit monitoring service to notify you when someone accesses your credit report and/or tries to open new lines of credit. CreditGUARD of America has created the Coach Credit Scout™ (https://creditmessenger.com/) to monitor your credit report 24 hours a day, 365 days of the year. When signing up for the CreditGUARD Coach™ (which provides you valuable credit analysis and step-by-step instructions on how to improve your credit), you receive a 30-day free trial of Coach Credit Scout™.
If you suspect that you have fallen for a phishing scheme, you should immediately file an online complaint with the Internet Crime Complaint Center (http://www.ic3.gov). For further instructions on what to do if your identity has been stolen, visit the FTC National Center for ID Theft (http://www.consumer.gov/idtheft/).
* Federal Trade Commission – Identity Theft Survey Report. Incidence of Identity Theft. Sept. 2003. Synovate (http://www.ftc.gov/os/2003/09/synovatereport.pdf)
** National and State Trends in Fraud & Identity Theft: January – December 2003. Executive Summary. 22 Jan. 2004. Federal Trade Commission (http://www.consumer.gov/sentinel/pubs/Top10Fraud2003.pdf)
*** Phishing Archive. Last Update 25 May 2004. Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.htm)
**** Special Report on Phishing. What Should Internet Users Do About Phishing Schemes? Department of Justice: Criminal Division (http://www.usdoj.gov/criminal/fraud/Phishing.pdf)