Magazine article Occupational Hazards

Phishing Expeditions and Hard Drive Hygiene: How You Can Protect Yourself from E-Mail Fraud Schemes and Computer Viruses, Plus the Hidden Pitfalls of Your Hard Drive

Article excerpt

Internet crime is a growing problem. The Federal Bureau of Investigation's Internet Fraud Complaint Center (www.ifccfbi.gov) reported processing over 120,000 complaints in 2003, compared to 75,000 in 2002--a 60 percent increase.

The most popular crime, fraudulent Internet auction sales, accounted for 46 percent of the complaints. Thirty-one percent of complaints were for non-shipment of purchased merchandise. Credit card fraud ranked third, at 12 percent.

More sophisticated criminals have begun "phishing" (pronounced "fishing") for victims. Phishing uses spam, often propagated by an e-mail virus or worm, to defraud unwary recipients. The e-mail appears to be from a legitimate business and instructs the recipient to submit sensitive information to a counterfeit Web site.

My first phishing experience was an official-looking e-mail allegedly from PayPal. The e-mail stated that my account would be terminated unless I submitted my credit card number to a decoy PayPal Web site. Two things tipped me off that the e-mail was a scam. First, the e-mail was sent to my office e-mail address, not the e-mail address registered with PayPal. Second, I received 10 copies of the e-mail--obviously virus-generated spam.

[ILLUSTRATION OMITTED]

Another phisher sent me two "BankOne" e-mails. The e-mail told me to log in to my account "due to recent fraud attempts" to check if funds were missing (Figure 1). I don't have an account with BankOne, but I wonder how many customers submitted their bank account login name and password to the fraudulent Web site.

[FIGURE 1 OMITTED]

Descriptions of 18 other phishing scams, all from October through December 2003, are available on the Phishing Archive Page at anti-phishing.org. Take a few minutes and review each scam. Notice how the Web site address displayed in the browser address field is not the official address for the company (anti-phishing.org/phishing_archive/paypal_11-24-03.htm). Or notice how the con artist "spoofs" the Web site address using a flaw in Microsoft Internet Explorer (anti-phishing.org/phishing_archive/Earthlink_12-20-03.htm).

How can you protect yourself against phishing attacks? The Federal Trade Commission (www.ftc.gov) recommends:

* If you get an e-mail warning you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail. Instead, contact the company cited in the e-mail using a telephone number or Web site address you know to be genuine.

* Avoid e-mailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.

* Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

[FIGURE 2 OMITTED]

* Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.

But you should do even more. Since phishing expeditions use virus-propagated spam, protect your computer from viruses and spyware.

First, update your operating system software with the latest security patches. Microsoft Windows users should install all the critical security patches available at www. …
