Warning! Internet Pirates are Trying to Steal Your Personal Financial Information! Here's the Good News: You Have the Power to Stop Them!
There's a new type of Internet piracy called "phishing." It's pronounced "fishing," and that's exactly what these thieves are doing: "fishing" for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.
In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver's licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel.
But if you understand how phishing works and how to protect yourself, you can help stop this crime.
Here's how phishing works:
In a typical case, you'll receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies.
The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases such as "Immediate attention required" or "Please contact us immediately about your account." The e-mail will then encourage you to click on a button to go to the institution's Web site.
In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual Web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.
In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth.
If you provide the requested information, you may find yourself the victim of identity theft.
How to Protect Yourself
- Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.
- If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.
- Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.
- Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.
Warning! Spammers are getting smarter. Newer, sophisticated junk emails elude filters to con you
With an estimated 400 billion messages every day, spam makes up the majority of internet email traffic. But because today's spam filters are so effective—blocking more than 99 percent of junk messages—few actually make it to your in-box.
So cybercriminals are changing tactics to steal your money and identity. Rather than blasting out tens of millions of identical pleas from Nigerian kings and sellers of cut-rate Viagra, they're moving to smaller batches of better crafted come-ons that claim to be from companies and people you know and trust. I'm talking about your bank, insurance company and medical provider—and people like your boss, family members and longtime friends.
How it works
Known as "artisanal" spam, these emails go to only a few thousand recipients, which gives them a leg up in making it to your in-box. "The more emails sent by a particular party, the better chance they are blocked by spam filters," explains John Wilson of cybersecurity firm Agari. "With artisanal spam there are fewer targets, but the likelihood of any one victim falling for it is much greater."
That's because recipients are carefully courted with personalized traps. Often the information comes from data breaches—hacks into corporate computer systems to steal customer lists. "People who went to a certain medical clinic, for instance, may get a bill with their names, account numbers and dates of treatment," Wilson says. "And that money goes to criminals' accounts."
In another variation, crooks use special software to collect personal details from LinkedIn and other social networking sites. Or they send you malware-infected links in emails that seem to come from Facebook friends. "Once you click that link," Wilson says, "every keystroke typed is sent to the criminal—including when you go to your online accounts and enter your name and password."
Corporate email systems are also targets. Employees may get messages claiming to be from HR telling them to update their login credentials, which gives crooks access to company databases. The FBI estimates that companies have lost at least $2.3 billion through scam emails sent to employees—allegedly from the CEO—with instructions to pay fake vendors.
Here's how to protect yourself
- Don't be fooled by the name displayed as the sender. Inspect the address that the message came from—a long series of letters or words after ".com" suggests it was sent by a spammer.
- Be suspicious of links. When legitimate companies offer to remedy problems or ask to update information, the email typically doesn't include links; instead the companies direct you to their website.
- Verify. If you get an email with a link along with a message from a friend saying "check this out," call to find out if they really sent it.
- Parse the credit card number. Emails pretending to be from credit card companies often cite the beginning numbers of an account; legitimate messages more likely cite the last few numbers. Reason: Like phone numbers, many credit cards start with the same digits.
By Sid Kirchheimer, author of Scam-Proof Your Life, published by AARP Books/Sterling.
What to do if you fall victim:
Contact your financial institution immediately and alert it to the situation.
If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau's fraud division:
P.O. Box 740250
Atlanta, GA 30374
P.O. Box 1017
Allen, TX 75013
P.O. Box 6790
Fullerton, CA 92634
Report all suspicious contacts to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft or by calling 1-877-IDTHEFT.