A Phishing Trip No One Wants to Take

March 20, 2013

I received a rather interesting email from my mom this weekend. There were no words, just a hyperlink to a website promoting a weight-loss supplement called Raspberry Ultra Drops.  Either my mom was trying to tell me something or her email had been compromised–again.  Since there were no words in the email, which is very odd for her, and the hyperlink consisted of random nonsensical characters, I suspected the latter.  As you can see from this fraud alert, http://www.onlinethreatalerts.com/article/2013/1/9/raspberry-ultra-drops-to-help-your-weight-drop-spam-email-and-fake-websites/, I was right.

Scams like this one are happening every day.  This particular kind of scam, which is known as phishing (http://www.microsoft.com/security/resources/phishing-whatis.aspx), seeks to steal your personal financial information by posing as a legitimate website, when in reality it is just a facade for a fraudulent site.  These scams are often perpetrated by hacking into a person’s email account and sending emails to all of the contacts in their address book.  The worst part is the person whose email address they are coming from often doesn’t even know this is happening.  The unsuspecting victim at the other end thinks they are getting an email from a friend or relative and may falsely believe the hyperlink is to something the sender has already visited.

Other forms of phishing include mass emails sent by scammers that claim to be from legitimate financial institutions like your bank or financial service companies like PayPal.  In 2012, global losses to phishing were estimated at $1.5 billion (http://biztech2.in.com/news/security/2012-global-losses-from-phishing-estimated-at-$15-bn/154212/0).  You are probably already getting phishing emails on a regular basis.  Many are caught by your personal or your company’s spam filter, but every once in a while one sneaks through, and you only have to fall asleep once for it to cost you a bundle.

Here are some tips to make sure you don’t inadvertently become a victim of this terrible crime:

1. Financial institutions NEVER ask for your personal information

If you ever receive a text message or email from a financial institution asking you to “verify” your information, that should be an immediate red flag.  If you are ever worried or unsure about the status of your account, all you have to do is pick up the phone and call the customer service number printed on your statement or found on the company’s website.

2. Never make unsolicited purchases

Even if I were in the market for Raspberry Ultra Drops, getting an unsolicited request to buy them in an email or pop-up ad is an opportunity for fraud.  Just because the ad or email says the link is to a commercial website like Amazon.com doesn’t mean it actually is.  If you are in the market for something you intend to purchase online, simply open a new window and visit your favorite shopping website directly.

3. Run anti-phishing software and keep it updated

One of the best ways to keep from becoming a victim of phishing emails is to avoid getting them to begin with.  Many popular web browsers like Firefox and Chrome already have built-in anti-phishing protection (http://www.phishing.org/resources/anti-phishing-software/), but no software protection beats good ol’ common sense.

4. Review your financial statements regularly

A criminal is not going to call you up and let you know when they plan to use your stolen information, so it’s best to keep an eye on those statements.  Some fraudsters will even go so far as to redirect your mail to keep you from finding out that your information has been compromised.  Be vigilant and contact your financial institution if you suspect your statements are late.

5. When in doubt, throw it out

Opening an email or text message will not harm you, but clicking on what’s inside could.  Use good judgment and when in doubt, simply delete the message.

These are just a few steps you can take to avoid a phishing attack, but as I said earlier, the best weapon is the one between your ears.  If something doesn’t seem right to you, it probably isn’t.  For more information on ways to avoid phishing, visit OnGuardOnline.gov (http://www.onguardonline.gov/articles/0003-phishing).