Phishing in Dangerous Waters?
What Every Surfer Needs to Know to Keep their Identity and Bank Account Intact
If you have email, you’ve probably received a frantic request (or know someone who has) from a bank, credit card company, eBay, or PayPal, explaining that there has been suspicious activity associated with your account. The email goes on to tell you that you’ll need to log in immediately and change your personal settings to ensure that your account is protected. And if you don’t log in now, your account will be suspended or disabled until further notice. Sound familiar? So you click on the link in the email and go to the company website so you can make the necessary changes to protect yourself. Looks legit, doesn’t it? Well, it’s not. It’s “phishing,” and it’s most certainly not legit!
So What Exactly is Phishing?
According to Michigan’s Office of Information Technology, “phishing is the act of tricking someone into giving them confidential information or tricking them into doing something that they normally wouldn’t do or shouldn’t do. For example: sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft (e.g., your bank, eBay, and PayPal to name a few).” The term “phishing” comes from the analogy where scammers use email as bait to fish for passwords and financial data from the sea of internet users.
Who are the Perpetrators?
Phishers are scam artists. Many of these scam artists are foreigners who are able to build a counterfeit site, send out millions of emails, then shut down the site before law enforcement can catch up with them. These criminals realize that even if a few recipients give them enough identifying information, they can profit from the resulting fraud. Common “phishing” scams include emails stating:
- eBay sent this message in order to notify you about the upcoming database update…
- Your Amazon.com Password Has Been Changed…
- Your eBay account Suspended…
- Account Security Measure, PayPal…
- Chase OnlinSM Notice - JPMorgan Chase and Co…
- Colonial Bank Transaction Completed…
- TD Trust Account suspended…
- People’s Bank Security Warning…
- Notification of a Pending eCheck Payment, PayPal
- Update And Verify Your PayPal Account
For the latest examples of phishing attacks, please visit the website of The Anti-Phishing Working Group (APWG), a 1900+ member global pan-industrial and law enforcement association committed to wiping out Internet scams and fraud. Members of the APWG include 8 of the top 10 US banks, 4 of the top 5 US Internet Service Providers, hundreds of technology vendors, 1300+ companies and agencies, and national/provincial law enforcement worldwide.
How to Avoid the Traps
So now that you’re aware of some of the more common schemes, how do you avoid becoming a victim of this insidious crime? The APWG recommends the following:
- Be suspicious of any email with requests for personal financial information. Phishers typically include urgent statements in their emails to get people to react immediately. They’ll ask for private information such as usernames, passwords, credit card numbers, social security numbers, etc. Plus, never fill out forms in email messages that ask for personal financial information.
- Don't click on the links in suspicious emails to get to any web page. Even though these websites look like the “official” sites, they’re not. They are counterfeit sites that frequently use the same graphics as the “official” sites but do not have the official domain or address of the legitimate site. Rather than the official domain (e.g., eBay.com or PayPal.com), you will frequently see a longer address with the name of the organization listed later in the address (e.g., XXXcompany.com/eBay/). Instead of clicking on the link in the email, call the company on the telephone or log onto the website directly by typing the official Web address into your browser.
- Only communicate private information over a secure website or the telephone of a legitimate customer service representative. Never give private information to someone calling you. If they need personal information, call the customer support number listed on your bank or credit card statement, tell them about the call you just received, and ask them if there is a problem with your account.
- Always make sure that you're using a secure website when submitting credit card or other sensitive information via your Web browser. To make sure you're on a secure Web server, check the beginning of the Web address in your browser’s address bar - it should be "https://" rather than just "http://."
- Regularly review your bank, credit and debit card statements to ensure that all transactions are legitimate. Log into your online accounts to check for unusual activity. If anything looks suspicious, contact your bank, card issuers or other online accounts.
- Install anti-virus software, a firewall and the latest security updates on your home computer. Consider using the Firefox browser instead of Internet Explorer. Many experts believe Firefox is less prone to viruses than Internet Explorer.
- Always report phishing incidents to the following groups:
  - Forward the email to reportphishing@antiphishing.com
  - Forward the email to the FTC at spam@uce.gov
  - Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
  - When forwarding spoofed messages, always include the entire original email with its original header information intact
  - Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov.
- If you’re a victim of a phishing scam and have given out your personal financial information, visit the APWG website to find out what you need to do.
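The address checks recommended above (official domain versus a longer address that only mentions the organization, and "https://" versus "http://") can be expressed as a small link checker. This is an added example, not part of the original article; the allowlist, function names and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand name -> official domain (the two named in the article).
OFFICIAL = {"ebay": "ebay.com", "paypal": "paypal.com"}


def host_is_official(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(url, official=OFFICIAL):
    """Return a list of warnings for one link; an empty list means nothing flagged."""
    parts = urlsplit(url)
    # .hostname strips any port and user-info and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if any(host_is_official(host, d) for d in official.values()):
        return warnings
    # The host is not an official one: look for a brand name used as decoration,
    # either in the host itself or "later in the address" (path or query).
    rest = (parts.path + "?" + parts.query).lower()
    for brand in official:
        if brand in host:
            warnings.append(f"brand-in-host:{brand}")
        if brand in rest:
            warnings.append(f"brand-in-path:{brand}")
    return warnings


# Constructed sample links (example.test is a reserved, non-routable name).
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://xxxcompany.example.test/eBay/login",
    "https://paypal.com.account-check.example.test/",
    "http://www.ebay.com/help",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "ok")
```

An empty result only means these two checks passed; "https://" on its own does not show that a site is genuine, and a look-alike domain for a company outside the allowlist is not flagged.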
You see, we’re not talking about that leisurely pastime enjoyed by so many, generation after generation. No, this is a new kind of pastime, new and very dangerous…dangerous to you, your identity, and most definitely your bank account. Don’t become the next phishing victim.