There is a rapidly growing Internet fraud called “phishing.” Phishing (pronounced “fishing”) is a term that refers to fishing for personal information, such as account numbers, passwords, PINs, credit card account or Social Security numbers online.
Phishing is quickly becoming one of the most insidious online identity theft scams. Fraudulent email messages (spam) are sent to unsuspecting victims’ email addresses, asking them to supply confidential information. The email message may include a warning that there is a problem with your account or that the account will be closed unless you reconfirm confidential information. These emails, and the links they contain to so-called official sites, appear to be quite authentic, but are really baiting you to give up valuable information. Phishers’ latest ploy involves using multiple channels to try to get at your private information, such as asking people to call rather than reply by email, in order to obtain user IDs and passwords.
So how do spammers “phish”? They take advantage of a security hole inherent in SMTP, the protocol used to send email, which lets a sender impersonate another’s domain. A phisher falsifies the domain in the email header and copies the look and feel of a company’s web site to make you believe the email is from an authentic site.
Identity theft is estimated to rob over half a million people of their identities each year. Once someone steals your personal information, it can be used to establish credit, borrow money, purchase goods and services, and even commit crimes, ruining your good name and your credit.
Here are steps you can take to protect yourself from being the next victim of a phishing scam:
What To Do If You Receive a Phishing Email
Will you know a phish when you see one? Unfortunately, phishing is becoming more and more common, and the scammers are getting better at disguising themselves.
If you receive a phishing email, make sure you report it to both of the following email addresses: email@example.com and firstname.lastname@example.org. You should also forward the email to the company that is being imitated or “spoofed.” When forwarding these messages, be sure to include the original email with the complete header information.
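The complete header matters because it is where a falsified sender domain shows up. The following is an added example, not part of the original article: a small Python check that compares the domain in the visible From line with the other sender fields and with the receiving server's authentication verdict. The sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims a bank's domain, but the
# envelope sender, the reply address and the SPF verdict say otherwise.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
Received: from mailer.example.net ([192.0.2.10]) by mx.example.org
From: "Example Bank" <security@bank.example.com>
Reply-To: <verify@support.example.net>
To: <customer@example.org>
Subject: Your account will be closed

Please reconfirm your account details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_signs(raw_message):
    """List header inconsistencies that suggest the From domain was falsified."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    if not from_dom:
        findings.append("From header has no parsable address")
    # The envelope sender and reply address are set independently of From.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server, if it added any.
    for result in msg.get_all("Authentication-Results", []):
        for token in result.replace(";", " ").split():
            method, _, verdict = token.partition("=")
            if method in ("spf", "dkim", "dmarc") and verdict.lower() in ("fail", "softfail"):
                findings.append(f"{method} check reported {verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_signs(SAMPLE):
        print("-", finding)
```

A domain mismatch alone is only a signal, since legitimate bulk mail is often sent through a third-party service; a failed authentication verdict alongside it is the stronger indicator.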