E-mail Scams and Phishing Attacks

Phishing attacks use spoofed e-mails and fraudulent Web sites designed to fool recipients into divulging personal data such as credit card numbers, account user names and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers, credit card companies, and other organizations, phishers are able to convince too many recipients to respond with confidential information. As a result of these scams, an increasing number of consumers are suffering credit card fraud, identity theft, and financial loss.

What information are they after?

E-mail spoofers are commonly trying to get the following information:

• passwords or PIN numbers 
• credit card numbers or CCV codes (the 3-5 digits on the back of the credit cards)
• ATM/debit or credit card information
• social security numbers
• banking information (account number, routing number) 

Never provide any of this information via e-mail!

Things to know and remember when opening ANY e-mail that is asking you to provide information:

• No reputable organization will ever ask you for confidential information via e-mail.
• Never respond to an e-mail from a source you are not 100 percent sure of. When in doubt, call them.
• Never be afraid to call the company. If they want your information, they should be able to take it over the phone.
• Always check the authenticity of a Web site before you provide any of your personal information.
• Never click on a link in a suspicious e-mail because it may take you to a malicious site. Open a new browser window and type in the link manually.
• Phishing e-mail will often have a sense of urgency. ("Your account will be closed if you don't..." etc.) They may also contain strange words, misspelled words or unusual or awkward phrasing to help them avoid SPAM-filtering software.

Valid Sources that are Frequently Spoofed

Phishing attacks hijack the brand of established organizations. The user believes they are ordering legitimate products, applying for a legitimate mortgage, retrieving electronic greeting cards or conducting some other real business transaction. Here are some of the most commonly spoofed brands and links to their phishing information pages:

Financial

• Citibank (Learn about email spoofs)
• Citizens Bank (Important Information about Online Security)
• Bank of America (Reporting and Resolving Fraud)
• US Bank (E-mail Fraud Information)
• Wachovia (Security Plus Customer Center)
• Washington Mutual (E-mail Scams: Phishing)
• Wells Fargo (How to Protect Yourself)
• Western Union (Consumer Fraud Awareness)
• more...

Online Services

• Amazon (Identifying Phishing or Spoofed E-mails)
• AOL (Privacy Policy)
• Ebay (Privacy Information)
• Paypal (Protect Yourself from Fraudulent E-mails)
• IRS (How to Protect Yourself from Suspicious E-Mails or Phishing Schemes)
• Yahoo (How do I report spam?)

Others

• your employer
• help desk personnel
• IT organization
• vishing (Phishing via Phone)

Who's Who Scams (similar to a phishing attack)

• http://www.consumerjungle.org/content/view/370/836/
• http://en.wikipedia.org/wiki/Who's_Who_scam

What You Can Do

To keep from becoming a phishing victim follow the advice given by Anti Phishing Work Group. More anti phishing resources are available in our related links page.

Security Comics from Securitycartoon.com

A new comic with every refresh.

Reproduced with permission. Please visit www.SecurityCartoon.com for more material.