PHISHING, AS IN ARE YOUR GOING "PHISHING"?

OR, HAVE YOU ALREADY BEEN PHISHED?

Phishing- The Internet can play a role in identity theft. Today, attention is focused on a relatively new scam called “phishing.” Phishing refers to a practice where someone misrepresents their identity or authority in order to induce another person to provide Personally Identifiable Information (PII) over the Internet.

Some common phishing scams involve e-mails that purport to be from a financial institution, credit card company, Internet Service Provider, or other trusted company claiming that a person’s record has been lost. The phishing email directs the person to a website that mimics the legitimate business’ website and asks the person to enter a credit card number and other PII so the record can be restored.

In fact, the e-mail or website is controlled by a third party who is attempting to extract information that will be used in identity theft or other crimes. The FTC issued a consumer alert on phishing in 8 June 2004.

This third party is sometimes a criminal enterprise that will take your PII and either use it, rent it or sell it. In fact there are rings of web sites all over the world that collaborate in exchanging stolen PII in order to cover the tracks of their confederates and of course to make money.

Criminals also specialize. One individual or ring will phish the information and then sell or rent it for a fee to another individual or ring. These acts are not done in some back alley or smoke filled room. These crimes are committed digitally.

This means that criminal web sites exchange this information over the Internet either by Email or secure direct uploads and downloads from secret designated web sites.

Much of this phishing activity takes place outside the jurisdiction of United States law enforcement in countries of the former Soviet Union, the Middle East, Europe, Asia and Africa.

PHISHING EXAMPLES

• On 29 September 2005 the The world's soccer governing group sent out an alert that phishing scams using its name are trying to separate bank account information from fans. FIFA (Fédération Internationale de Football Association) warned that the e-mails pose as messages from lottery companies in countries such as South Africa, Spain, and the U.K.; claim to be organized on behalf of FIFA, or the 2006 or 2010 World Cup committees; and tell recipients that they've won major sums, in some cases as much as $1 million.
  
  
• On August 26, 2005 Brazilian police arrested 85 people in connection with a phishing ring that pilfered over $33 million from duped consumers who handed over their online bank account usernames and passwords, the Reuters news wire service reported.
  
  
• On 4 April 2005 the Bank of America was targeted by a very well designed and dangerous Phishing scam. It uses a vulnerability in the Bank Of America site. The email is exceptionally well done. It does not involve any coercive or threatening message. If you click on the link and fill in the phishing form your online account user Id, password and ATM or Check Card numbers are all harvested by the bad guys.
  

By the way this misdirection from a real Bank of America website to a fake one is called Pharming.

WHAT CAN I DO ABOUT PHISHING AND HOW CAN
I PROTECT MYSELF?

An “Anti-Phishing Working Group” (APWG) industry association has been established to work collectively on solutions to phishing. The group encourages consumers to report phishing incidents via its website [http://www.antiphishing.org/] and provides phishing statistics. This phishing watchdog group also lists preventative measures.

For more informaiton on how to stop Phishing Scams, check out our article, Phishing|Scams -12 Ways to Stop Them.

Phishing is a very dangerous crime that can cause your bank accounts to be emptied, your identity stolen or your credit cards maxed out.

Are the Phish or Phisher? Have you been phishing?

Privacy & Disclaimer Policy

To contact us: info@tweakspeed.com

All rights reserved. Copyright © 2005-2008 TWEAKSPEED & TWEAK ALL CONSULTANTS, PHISHING