Law Office Management
LOMA : Articles

Caution:  Phishing May Be Dangerous
 

            In the May, 2005 issue of Tech Talk, John Anderson wrote about some of the ways that hackers get your identity by Pharming and Phishing. This month, I am going to go into a little more detail about the dangers posed by phishing in light of the serious increase in the incidents of identity theft.
            According to the free online web dictionary Wikipedia (www.wikipedia.com) "phishing (also known as carding and spoofing) is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message)  The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data."
            Generally you will receive an email message from your bank, your ISP, ebay, Amazon, PayPal or some other large institution with whom you may have done business.  The email looks amazingly legitimate.  The message usually indicates that there is some sort of problem and that they need some confidential information in order to fix it.  Very often there will also be a link to what appears to be a very legitimate website. 
            To see how difficult it is to distinguish some of these phishing sites from real sites, MailFrontier has a quiz that you can take to see if you can determine which are real and which are not. Go to http://survey.mailfrontier.com/survey/quiztest.html.  I highly recommend you, everyone in your office and your family take this test.  You will be stunned at how easily you can be fooled.
            Phishing scams are no different in theory than the phone scams when people called pretending to be your bank and people were tricked into giving out their bank account numbers.  Most legitimate institutions will NOT contact you via email and ask for confidential information.  If you any one in your office or family gets a message like this, you can file a complaint with the Federal Trade Commission at www.ftc.com.
            In addition, you can get information on what to do if you have given out or think you may have given out any confidential information by going to the Anti-Phishing Working Group at http://www.antiphishing.org/consumer_recs2.html
            The FTC has the following recommendations on how to avoid being the victim of phishing.(How Not to Get Hooked by a Phishing Scam http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm)
            1. If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either.
            2. Use anti-virus software and a firewall, and keep them up to date.
            3. Don’t email personal or financial information.  If you are going to send confidential information over the internet make sure it is a secure site.  By this time you should all know how to determine if a site is secure.  It will have a " whole key" or lock in the corner of the site on the status bar  as opposed to a "broken key" or it will have "https" in the URL.  The "s" stands for secure
            4. Review credit card and bank account statements as soon as you receive them.  I now write down every purchase I make each month on my credit card and I compare it to what is on my statement.  I also save all receipts in a separate file folder.  (Just as an aside, this exercise of writing down all my credit card purchases and keeping that information with me has actually caused me to use my credit card less and thus save me from buying "stuff" I really do not need.  I have actually saved money by writing it down.)
            5. Be cautious about opening any attachment or downloading any files from emails.  If you were not expecting an attachment from someone, contact that person to make certain that it is legitimate.
            6.  Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.  This is important to do if you want to try to slow down some of these criminals.
            7.  If you think you have been the victim of a phishing expedition, file a complaint with the FTC.  You should also consider getting a copy of your credit report to make certain no one is open credit cards in your name.  You can go to www.annualcreditreport.com to get a copy of your report.  Unfortunately, the free credit reports will not be available in Maryland until September, 2005 but the cost for ordering them is very low and it is something you should consider.  If you want more information on identity theft go to http://www.consumer.gov/idtheft/.  

            Although many of these scams are very slick, there are some things to look for to determine if it is a phishing scam. 
            1.  It says it is not a scam.
            2.  It requires immediate action.
            3.  It asks for sensitive information.  It usually asks for information about account numbers or financial information.
            4.  It will usually direct you to a site or form to put in this confidential information.  This site will look legitimate.
            5.  The site/message will contain typographical or grammatical errors.
            6.  The message will be impersonal.  Most legitimate institutions have your information and will personalize messages to you.  (These tips taken from A Memo On Phishing website at http://www.geocities.com/phishingmemo/)  

            For every new technology or invention, there will be people who will try to exploit it.  Criminals and scam artists have been around since the beginning of time.  Only the tools have changed.  Just remember everything your mother told you: Be careful.  If it doesn't seem right, it probably isn't.  Eat your vegetables.     

 

LOMA :