Phishing E-Mail Scam Information
 

Gone Phishing

The line is cast. Don't get reeled in by the artificial bait on the hook.

Phishing is the name given to the unscrupulous attempts to gain personal account information. This information includes banking account numbers, credit card numbers, usernames and passwords, and social security numbers. According to the Anti-Phishing Working Group, www.antiphising.org, up to 5% of recipients respond to these spoofed emails. Computerworld, www.computerworld.com, estimates the figure is much higher at 20%.

According to Wordspy, www.wordspy.com, the term 'phishing' was coined by hackers and 'dot con artist' who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include Charlotte's Bank of America, Best Buy, Paypal and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.

It is important, as an Internet and email user, to remember that companies will never request your account information in this manner. Be suspicious of ANY email that requests personal account information. Do not click on any links contained in these emails. Although the link may appear to take you to the web site of the company, there is code hidden in the link that redirects you to a 'look-a-like' site belonging to the scammer. If the e-mail refers you to a Web site, look carefully at the URL. It's easy to disguise a link to a site.

"Beware of the @ symbol in a URL. Most browsers will ignore all characters preceding the @ symbol, so this Web address -- http://www.respectedcompany.com@thisisascam.com -- may look to the unsuspecting user like a page of Respected Company's site. But it actually takes visitors to thisisascam.com. The longer the URL, the easier it is to conceal the true destination address. Other ways to disguise URLs include substituting similar-looking characters, so that paypal.com could be (and has been) spoofed as paypaI.com or paypa1.com. Similarly, a zero can be substituted for the letter O within a URL." (Computerworld)

A "rose is not always a rose" no matter what you call it. The hacker could also include hidden code that redirects the user to their site if a link is clicked even though the link appears legitimate.

Consumer Advice: How to Avoid Phishing Scams

Federal Trade Commission
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

United States Computer Emergency Rediness Team
http://www.us-cert.gov/cas/tips/ST04-014.html

Phishing IQ Test
http://survey.mailfrontier.com/survey/quiztest.html

Page courtesy of City of Wilson IT Dept. http://www.wilsonnc.org

10/12/05


P. O. Box 1405
201 W Front Street
Lillington, 27546
910-814-6388
910-814-8250 fax
webinfo@harnett.org