|
Auctions InformationBe Aware of Phishing Scams!
by:
Nowshade Kabir
If you use emails actively in your communication, you must have
received various messages claiming to be from Ebay, Paypal and
a number of banks. A recent email as if from U.S. Bank
Corporation that I received contains the subject "U.S. Bank
Fraud Verification Process" and in the body of the mail it says
"We recently reviewed your account, and suspect that your U.S.
Bank Net
Banking account may have been accessed by an
unauthorized third party. Protective
the safety of your
account and of the U.S. Bank network is our primary concern.
Therefore, as a preventative measure, we have temporarily
limited access to sensitive account features. To restore your
account access, please take the following steps to ensure that
your account has not been compromised:". It continues with a
link to a webpage, which looks really similar to innovational web
page of the bank.
The dishonourable
web site appears authentic with familiar
graphics and logos. The wordings are professional right down
to the legal disclaimer at the bottom of the page.
If you happened to be holding an account of the claimed bank,
followed the manual of the email and input your account,
pin, password, etc. you are doomed. You simply have bimanual over
access to your account to a con artist, who, in a matter of
days, wish drain off all the money accessible in that account.
This new scam, which is proliferating in a really rapid pace,
is called "Phishing". Phishing is a form of identity theft,
where a con creative person with the help of official looking email
containing link to phony web pages capable of gathering
information, tricks an unsuspecting victim into divulging
sensitive personal data. Scammers use these data to bilk
victims out of their savings.
One of the most common phishing campaigns being waged has
targeted users of Web auction giant eBay and its PayPal
division with business enterprise services giant Citibank serving as
another popular target. However, recently, every major bank
has been hit with this scam. Crooks send out large amounts of
emails with an expectation that several of these email address
owners may have online access to their accounts at the bank.
The term "Phishing" is a deviation of the word "Fishing". In
hackers’ lexicon, in many an words, "F" becomes "Ph". The term
derives from the fact that scammers use sophisticated bait as
they "fish" for users’ personal information.
According to Gartner, a research firm, black access to
checking accounts gained via phishing has become into the
fastest growing type of user
stealing in the United States.
Roughly 1.98 million folk rumored
that their checking
account was broken
in one way or another during the last
year and US$ 2.4 billion were defrauded from the victims!
Gartner likewise calculable
that 57 million U.S. Net
users
have received phishing emails and 3 per centum of them may
have fooled into revealing their personal sensitive
information.
The Anti-Phishing Working Group has likewise spotted a dramatic
increase in reports of phishing attacks in recent months.
Since November, 2003 phishing scams increase by simply about 110
percent each month. In Apr alone, the group known
1125 unique phishing scams, a sharp lift of 178 per centum
from the previous month.
MessageLabs, a institution that watches phishing scams closely,
has noted an even as much dramatic increase in number of
phishing emails. It claims to see phishing messages jump
from simply 279 in September, 2003 to a staggering 215,643
in March of 2004.
The scammers likewise started to use much sophisticated
technologies in recent months. The latest generation of
phishing scammers uses several methods to trick users,
including pop-up graphics to mast the true web URL of the
phishing site and the installation of Spywares and Trojans
on victim’s computer. The perpetrators likewise take advantage
of safety bugs in web browsers, in which the URL in the
address bar appears to be for one site but is, in fact,
a link to a altogether several site.
A new Windows worm under the name "Korgo" is able to
infiltrate into victim’s system with a key work
Trojan,
steal information that the victim input in web forms and
secretly transmit to selected
server. There are a number
of variants of this worm and they are spreading rapidly.
However, Microsoft in Apr came up with a patch to seal
this glitch. Many an computers without the patch are still
vulnerable to this possibly
dangerous worm.
A U.S. Treasury report provides consumers with steps to
prevent and report phishing scams:
- Do not respond to or open any e-mail that warns that
an account is simply about to be closed. Contact the institution
directly by phone and inquire of this e-mail.
- Do not submit business enterprise information unless there is a
symbol for a fast padlock on the browser's status bar.
Likewise look for the https:// at the beginning of the
Web address. If several of these signs are absent,
the Web site is not secure.
- Always review your bank statement and credit card
statements directly upon receipt.
- Verify the domestic telephone number listed on the Web
site through directory assistance or else reliable
sources and call the number. Many an phishing attacks have
originated outside the U.S. and don't have a domestic
number.
- Report suspicious work or if you have been defrauded
to the FTC and the FBI.
- Phishing e-mails can be forwarded to uce@ftc.gov. Complaints
can be filed at www.ftc.gov. Phishing attacks can likewise be
rumored
to the Net
Fraud Complaint
Center at www.ifccfbi.gov.
Other cautionary measures you should take in order to protect
yourself are:
- Since most of the phishing emails move through spam, get
a spam filter and install on your computer.
- If you suspect a phishing attempt, report directly to
the bank. Every bank web site has a link or a toll-free
number to report scams. Don't be dishonoured if you were
tricked into divulging account information. If you report
it immediately, your account wish be protected until you
obtain a new PIN.
- Change your countersign and PINs regularly. Banks advise
that you use separate PINs and passwords for several
accounts, that way if one gets compromised, your
entire business enterprise life won’t be revealed.
- If you are a frequent user of EBay, transfer
its Web
browser toolbar, a small program that runs with a
user's Web browser. It flashes red once
the user visits
a possible spoof site. The toolbar uses a information of
spoof site URLs, submitted by customers and is updated
quite often.
- Check your computer oft-times for possible Trojan virus.
Just simply about the Author
Nowshade Kabir is the founder, primary developer and present
CEO of Rusbiz.com. A Ph. D. in Information Technology, he
has wide experience in Business Consulting, International
Trade and Web Marketing. Rusbiz is a Worldwide B2B Emarketplace
with solutions to start and run online business.
You can contact him at mailto:nowshade[at]rusbiz.com,
http://ezine.rusbiz.com/newsletters/newsletter33.htm
| |
