Summertime and phishing is easy

• Article
• Comments ()
• Click-2-Listen

By

Most regular Internet users have by now learned how to avoid online fraudsters. Don't open e-mails from unknown entities, use credit cards only on secure Web sites and never, ever send your bank account information to that pleasant Nigerian government minister who needs your help collecting on a financial windfall.

However, as consumers have grown more sophisticated, so have fraudsters. In a relatively new scam, individuals will pose as a company with which a consumer has a pre-existing relationship -- like a bank, online auction site or Internet Service Provider -- and send an e-mail requesting billing or financial information to avoid "termination" of the user's account. The e-mail will often direct the recipient to a Web site that looks nearly identical to the actual company's Web site, where the victim will be asked to enter Social Security numbers, financial information or passwords.

Known as "phishing," the practice has been discussed in the media as far back as 1997. However, the scam has really exploded only in the last year. In July a year ago, the FBI reported: "Bogus e-mails that try to trick customers into giving out personal information are the hottest and most troubling new scam on the Internet."

According to the Anti-Phishing Working Group, an industry coalition working to fight fraud, there were 1,197 phishing incidents reported in May, the most recent month for which figures were available.

Consumers are not the only victims of these scams. Targeted financial institutions or corporations must deal with the scammers' copycat Web sites and frauds that can undermine consumer trust in the company's security. In fact, given the number of major identity theft cases that have been "inside jobs," it is probably only a matter of time before a company's employees are implicated in helping to run a phishing attack against that company's customers.

Phishing is helping to drive the massive increase we are seeing in identity fraud. Last year, reported identity-theft cases were up by nearly one-third over the previous year. The average loss to a business from a fraud case last year was $4,800.

With all online scams, awareness provides the best protection. Download and install all updates for your Web browser to prevent hackers from exploiting known security issues. Be on the lookout for e-mails that warn of imminent action against an account unless billing information is validated or "reconfirmed." Because e-mails are not secure, they should never be used to provide financial or other personal information. It is far safer to contact the company directly, perhaps through a phone number or Web site that is certain to be real.

If you think you may be a victim of phishing or another form of identity fraud, immediately check all accounts for unauthorized activity. Close and reopen any accounts that may have been compromised. Obtain a copy of your credit report and review it to make sure no fraudulent accounts have been opened in your name.

Consumers can also help thwart phishers by reporting any unusual or suspicious e-mails or Web sites to the Federal Trade Commission. The FTC's Web site has information and online forms for filing a complaint. Be vigilant in protecting your personal information and you should have nothing to fear from phishers this summer.

Jim Vaules is a fraud consultant for LexisNexis, a provider of identity verification and authentication products for corporations, governments and financial institutions.