As if the enormous volume of spam we all have to delete daily weren't enough, now I'm told we have to be on the lookout for email "phishing." Any hints on what this latest incursion into our online lives is and how best to combat it?
Phlustered in Philly
Ah yes, our email world has all too predictably morphed from spamming to scamming. We've all learned to recognize the characteristics (V!@gr@) of spam messages and now we must educate ourselves on how to spot phishing scams.
Phishing (sometimes referred to as spoofing) is just another method of accomplishing identity theft. It's not really new at all. In the olden, golden days of AOL, some prehistoric hackers actually did it with amazing success. The trick is to send an email message that looks like an authentic AOL (or eBay or Your Bank or whatever) notice to unsuspecting recipients, luring (pun intended) them into giving the phisherman all sorts of personal information along the lines of credit card numbers, Social Security numbers and/or passwords. As you can imagine, the possibilities for profiting from this illegally gained information are endless. It constitutes a serious federal crime, but that hasn't managed to slow down this growth industry.
The original AOL scam sent a message that looked very intimidating and official, stating that if your membership information and current credit card number weren't submitted on the form included in the email, your account would be suspended immediately. In those days (the mid-1990s), computer users were not as sophisticated as they are now and many dutifully complied with the fraudulent request and learned, the hard way, how crooks can charge things to your credit card within minutes of the time you were foolish enough to submit it.
I recently received a phishing message from a spoof eBay entity informing me that they needed to "verify" my information. Since I have never been an eBay member, it didn't take me long to deduce the deception. But eBay has been deluged with problems from this type of assault. They've posted a thorough tutorial on how to identify and combat phishing, which is well worth your perusal.
The cost of phishing to a consumer who gets hooked by one of these scams can be incalculable if the objective was ID theft. If it was just credit card theft, the consumer's losses will likely be limited and his or her bank will pay the price. Citibank has been the hardest hit on this front so far, but all banks, worldwide, are now accumulating reserves to cover this growing contingency.
Last but not least, here are the Federal Trade Commission's specific recommendations on how to combat phishing:
- If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
- Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Report suspicious activity to the FTC. Send the actual spam to firstname.lastname@example.org. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site to learn how to minimize your risk of damage from identity theft.
- Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam.