HOW TO RECOGNISE AND AVOID PHISHING SCAMS BY CNET COMMUNITY NEWSLETTER
How to avoid the scams you can't fight using spyware removers, anti-virus, firewalls, etc.!
Today phishing scams come by the bucketload. I see phishing scam e-mail in my in-box every other day. While I'm very aware of these types of scams, my heart goes out to the unsuspecting victims and consequences they suffer. So as a community, I urge you all to do a good deed and spread the word to others. The more awareness people have about these malicious scams, the better off we all will be. As a warm-up to this topic this week, please take this MailFrontier Phishing IQ test, which I just happened to run across while surfing the Web. And after you've taken the quiz, tell us in our discussion how you did.
Now let's deal with Andrew's question about these phishing scams. This week, rather than having one winner, I have three. The great explanations provided by Miguel, Joseph, and Pete are incredibly helpful in explaining the ins and outs of phishing scams. And as always, check out the honorable mentions and other great advice from our members. So read up and be prepared. Hopefully with this awareness, our members will be less likely to fall victim to any phishing scams. Please join us in this week's discussion if you have more to add. Take care, and thank you!
Cheers!
Lee Koo
Manager, CNET community
Member Question of the Week
Over the last three days, I've received several e-mail messages, supposedly from PayPal and eBay. All of them say that there was some sort of "unusual" activity in my respective accounts and that to reactivate them, I need to enter my name, address, debit/credit card number, ATM PIN number, and so on. What's really weird is this just started on Sunday and hasn't stopped. The last time I remember seeing anything like this was back in AOL's 3.0 days, when I'd get phishing IMs. What can people do to avoid receiving these spoofed e-mail messages or at least cut back on their numbers? Also, how can people learn to recognize fake e-mail, and is there any way to trace it back to the sender?
Submitted by: Andrew H.
Miguel K's winning answer
Answer:
Andrew, it is not unusual for phishing e-mail to arrive in bunches and to keep doing so for a few days or significantly longer. Spam and phishing e-mail (the term "phishing" refers to a type of spam that attempts to fool recipients into supplying confidential information) are sent in HUGE numbers so as to increase the probability of reaching some gullible soul. Increased awareness of this problem, as well as efforts to combat the amount of spam and e-mail scams, have forced spammers to rely on different strategies. Chances are all those phishing e-mails are being sent by the same or a small group of individuals, who sent them through different channels in an effort to stay one step ahead of spam filters and ISPs who shut down accounts once complaints are received. Also, by flooding the Web with new scams or more clever variations of old ones, these criminals increase the probability of hitting pay dirt before the new scam is brought to the public's attention.
If there was a simple way to completely stop or effectively minimize spam and phishing e-mails, someone would have sold it and by now made enough money to make Bill Gates look like a beggar. The sad truth is that there is very little we can do to stop receiving scam e-mails. Again, these messages are sent in bulk, with randomly generated recipient addresses or those harvested from websites, chat rooms, etc. All it takes is for your e-mail address - or one very close to yours - to appear somewhere on the web, and spam will find you. But just because we are currently unable to eradicate spam and phishing scams doesn't mean we should stop trying, or that we have to give in to their tricks. You can find some useful advice for fighting spam here (CNET Forum Link - Fight Spam), as well as by enrolling in the CNET online course I will refer to a bit later.
As for phishing, newer products such as Zone Labs' ZoneAlarm Security Suite (http://www.zonelabs.com/) and Trend Micro's PC-cillin Internet Security (http://www.trendmicro.com/) offer anti-phishing protection. While the latter is hardly a perfect solution, it might be worthwhile if you are getting seriously bombarded with phishing e-mails, or are in the market for comprehensive protection for your PC. You might be able to find anti-phishing freeware on Download.com (http://www.download.com/), too.
The most important thing to realize is that no legitimate business will ever send an e-mail asking for sensitive personal or financial information. Any legitimate company stupid, irresponsible, and careless enough to do so would be essentially giving its customers a heck of a good reason to take their business elsewhere! It's just bad business.
Think about it. A financial institution has your home and work phone numbers, Social Security information, and probably more information on how to contact you than might be found on your own wallet. Even eBay has your phone number. If a serious breach in security were to take place, getting hold of customers as soon as possible would be absolutely essential. Why would a financial institution use standard e-mail - an unsecured form of communication that might or might not be checked daily - rather than contact you by phone?
Then there's the question of how exactly entering account, PIN, credit card numbers and/or your mother's maiden name on a website does anything about "suspicious account activities." Chances are, financial institutions and other organizations will either halt access to an account and call the account holder as soon as anything out of the ordinary is detected, or require that you contact them before access is restored. Why would they e-mail you to ask information already in their possession? Some of these phishing e-mails and websites ask for so many details that they literally scream "identity theft!!!"
It follows that if no legitimate business will ask for sensitive information via e-mail, you should never e-mail any sensitive personal information. Ever. Any e-mail that requests such sensitive information, regardless of how genuine or sophisticated it looks, has to be considered fraudulent and treated accordingly. Period.
(You might run into small, legitimate retailers who sometimes give you the option to remit credit card payments via e-mail. Don't. Call them instead and provide the payment details over the phone, even if they lack a toll-free number. And even these retailers will not send you an e-mail asking for a credit card number or similar information!)
What should you do when you get that "verification" e-mail or one alerting you to some supposed emergency? The Federal Trade Commission (FTC) offers the following advice in an article titled "How Not to Get Hooked by a 'Phishing' Scam," included here in its entirety for your convenience:
- If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser - phishers can make links look like they go to one place, but that actually send you to a different site.
- Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
- Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
- A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
- Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.
- Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
- If you believe you've been scammed, file your complaint at ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft. Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See http://www.annualcreditreport.com for details on ordering a free annual credit report.
You can learn other ways to avoid email scams and deal with deceptive spam at ftc.gov/spam.
(Original source: http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm)
I forward all phishing e-mails to spam@uce.gov as well as to SpamCop (you'll need to register at http://www.spamcop.net/ for the free reporting service). SpamCop will process the e-mail and forward a report to the company, bank or organization impersonated in the e-mail. SpamCop will also try to trace back the message to the original sender. There is really no need to try to trace the e-mails yourself. In all likelihood, doing so will accomplish nothing good.
While most phishing scams stand out like a sore thumb, there are always a few that make even experienced users wonder. If you would like to learn more about the intricacies of identifying phishing e-mails, by all means check out the interesting analysis of one of these legit-looking e-mails in Lesson 3 ("The World of Spam") of Help.com's outstanding Combating Spam and Spyware online course. This free course is currently being offered through July 1, and I highly recommend it. (http://courses.help.com/index.jsp)
There are simpler ways to tell if a message is fraudulent, though. You can visit the Anti-Phishing Working Group's website (http://www.antiphishing.org/) and search its Phishing Archives to see whether the message you received is already there. You can also file a report while there, though that should be unnecessary if you have already forwarded the suspicious e-mail to SpamCop and/or the FTC.
Other websites dealing with Internet hoaxes and rumors (e.g., http://urbanlegends.about.com/library/blhoax.htm?once=true& ) might also corroborate your suspicions. Remember, phishing e-mails are essentially Internet hoaxes that strike a nerve and tend to be immediately taken more seriously simply because of the blunt emotional impact the threat of a sudden financial catastrophe has on their readers.
Last, but not least, you can always open a new browser window and visit PayPal, eBay, or your bank's website. Logging into your account without any difficulties should confirm that the warning was bogus.
Hope this helps!
Submitted by: Miguel K. of Columbus, Ohio
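The two checks the answer above relies on (a link whose visible text names one site while its target is another, and a message that asks for sensitive details) can be automated. The following is an added example, not part of the original newsletter or of Miguel's answer; the function names, the keyword list and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed keyword list: items a legitimate business would not request by e-mail.
SENSITIVE = re.compile(r"\b(pin|password|credit card|debit card|"
                       r"social security|mother'?s maiden name)\b", re.I)
# A host name appearing in the visible text of a link.
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAudit(HTMLParser):
    """Collect (href, visible text) pairs and all text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def same_site(shown, actual):
    """True if the real host is the displayed host or a subdomain of it."""
    shown, actual = (re.sub(r"^www\.", "", h.lower()) for h in (shown, actual))
    return actual == shown or actual.endswith("." + shown)

def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, shown in parser.links:
        host = urlsplit(href).hostname or ""  # empty for mailto: or relative links
        named = HOSTLIKE.search(shown)
        if host and named and not same_site(named.group(1), host):
            findings.append(("link-mismatch", named.group(1), host))
    asked = sorted({w.lower() for w in SENSITIVE.findall(" ".join(parser.text))})
    return findings + ([("asks-for-sensitive-data", asked)] if asked else [])

# Constructed sample message (203.0.113.7 is a documentation-only address).
SAMPLE = ('<p>To reactivate your account, confirm your credit card number and ATM PIN: '
          '<a href="http://203.0.113.7/verify">https://www.paypal.com/login</a></p>'
          '<p>Help: <a href="https://www.paypal.com/help">www.paypal.com</a></p>')
```

Calling `audit(SAMPLE)` reports the first link as a mismatch and lists the sensitive items requested, while the second link, whose text and target agree, is not flagged.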
SPYWARE DEFINITION LIST BY GREGG GRESHAM
The list of adware and spyware definitions runs very long. But these definitions listed below are some of the most common ones. This is a glossary of spyware facts and terms so you'll know what these malicious programs can do to your computer.
Adware
Adware components install along with a shareware or freeware download. The adware developer generates revenue from advertisements, usually shown in pop-up windows. Most adware components are actually installed with consent from the user. This happens because most people never bother to read the end-user license agreement that comes with software.
Spyware
Spyware is often installed bundled with freeware or shareware, much like adware. Spyware gathers and transmits sensitive and personal information about the user's behavior to an unknown party. The data is collected without the user even knowing it happened. By the time you discover it, the damage has been done and the hacker is long gone.
Browser Hijackers
Browser hijackers are often installed by unsuspecting users who take them for helpful browser toolbars. They can alter your browser settings and can change your default home page to point to another site.
Trojan Horse Programs
Like spyware, Trojan horse programs sneak into your system and run without you realizing it. Programmers use these programs for any number of malicious purposes, none of which you would approve of. One good thing, though, is that Trojan horse programs do not make copies of themselves.
Tracking cookies
Tracking cookies are files with small amounts of data like passwords and settings. Tracking cookies can provide a benefit to you especially if you revisit web sites. But in the wrong hands, cookies are used to track your Internet behavior. This is done without your knowledge or consent and provides marketers with private information about you.
Keyloggers
Keyloggers are programs that run silently in the background, recording all your keystrokes. Once the keystrokes are logged, they can be retrieved later by the hacker using a remote keylogger program. The hacker can get your passwords, credit card numbers and any other personal information on your computer.
Malware
The definition of malware is any malicious software or program that will harm your computer. Computer viruses, worms and Trojans are all considered malware, but several other types of programs may also be included under the term.
Password Cracker
A password cracker is simply a program used to decrypt a password or password file. Security administrators use password crackers legitimately to improve system security. But you can only imagine the dangers when a hacker gets a program like this.
There are many other spyware definitions including scumware, annoyanceware, parasites and the list continues to grow daily.