Date: Thu, 19 Aug 2004 12:05:46 -0400 (EDT)
From: BCPL.NET SysAdmin
To: BCPL.NET News
Subject: BCPL.NET NEWS: Don't Get Hooked By A Phisher

-----------------------------
DON'T GET HOOKED BY A PHISHER
-----------------------------

"Phishing" is a term coined by e-mail scammers pretending to be from legitimate companies in an attempt to fool people into divulging passwords, credit-card numbers, bank account numbers, and other personal information. The term has been in use among hackers for a long time but has only recently gained widespread usage outside the hacker community, thanks to a huge increase in phishing scams in recent months.

We see a wide variety of phishing scams in the course of a day, but they all follow a similar pattern:

The phisher spams out thousands of e-mails that pretend to be from a well-known legitimate company. The e-mail may even contain the legitimate company's logo as well as links to the legitimate company's Web site.

The message text will say the company needs information from you in order to update your account, or in order to provide better security for your account, or something along those lines. It may say that your account will be locked or cancelled if you don't provide the requested information.

There may be a form built into the message that you are asked to fill out and return, but more often there will be a link to a Web page that you are asked to go to in order to fill out an online form.

If you go to that Web page, it will be designed to look very much like the legitimate company's actual Web site. Thanks to a bug in Microsoft Internet Explorer and some other Web browsers, the Web URL you see in your Web browser's address bar may appear to be correct for the legitimate company's Web site when in fact what you are looking at is an entirely different Web site belonging to the phisher.

If you provide the requested information you will become one of a rapidly growing number of phishing victims. Depending on what personal information the phisher cons you into providing, you may become the victim of credit card fraud, bank fraud, or identity theft.

----------------------------------------
How To Protect Yourself Against Phishing:
----------------------------------------

The simplest advice is "Don't Take The Bait".

If the apparent sender is a company with whom you don't do business, then the e-mail is obviously a phishing attempt.

Even if it is a company with whom you do business, keep in mind that very few legitimate companies request personal information by e-mail, especially now that phishing is such a big problem. If you receive such a request it is probably a phishing attempt.

Companies that do contact customers via e-mail used to provide links to their "account update" Web page, but this has become very uncommon thanks to increased awareness of the phishing epidemic.

If you do receive a suspicious request for personal information that appears to be from a company with whom you do business, DO NOT submit the information by e-mail and DO NOT click any "update account" (or whatever) link that appears in the e-mail. Instead, use whatever means of communication you have always used with that company to verify the legitimacy of the request.

For an extensive list of dos and don'ts related to phishing, take a look at the Consumer Advice section of the Anti-Phishing Working Group's Web site at the following URL:

http://www.antiphishing.org/consumer_recs.html

-------------------------------------------------------
What To Do If You've Already Fallen For A Phishing Scam:
-------------------------------------------------------

If you think you may already have been tricked by a phisher into divulging personal information, you should assume that you will become a victim of credit card fraud, bank fraud, or identity theft. You'll find useful advice on what to do about it in another section of the same Web site:

http://www.antiphishing.org/consumer_recs2.html

Also see the Federal Trade Commission's identity theft information Web page at:

http://www.consumer.gov/idtheft/

------------------------------
Where To Find More Information:
------------------------------

For general information about phishing, including lots of examples of commonly seen phishing e-mail, try these Web sites:

http://www.antiphishing.org/
http://www.privacyrights.org/ar/phishing.htm
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
http://www.millersmiles.co.uk/identitytheft/spoof-email-and-spoof-web-page-library.htm

--
BCPL.NET INTERNET SERVICES
320 York Road
Towson, MD 21204-5179 U.S.A.
Web Site: http://www.bcpl.net
Who To Contact For What: http://www.bcpl.net/contacts/