Phight Phraud: steps to protect against phishing.You receive an e-mail that appears to be from your bank. You recognize the logo and the letter format. Its even signed by the bank officer you deal with. It says there has been a glitch A temporary or random hardware malfunction. It is possible that a bug in a program may cause the hardware to appear as if it had a glitch in it and vice versa. At times it can be extremely difficult to determine whether a problem lies within the hardware or the software. See glitch attack. in your account and asks for verification of some information-credit card numbers, passwords and other personal information which you quickly supply. Congratulations, you've just inadvertently given a crook the key to your bank account. This fraud technique, known as a phishing (pronounced fishing), is growing in frequency and sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. . This article will tell you how to guard against it. HOW IT WORKS A typical phishing sends out millions of fraudulent e-mail messages that appear to come from popular Web sites that most users trust, such as eBay, Citibank, AOL (A division of Time Warner, Inc., New York, NY, www.aol.com) The world's largest online information service with access to the Internet, e-mail, chat rooms and a variety of databases and services. , Microsoft and the FDIC FDIC See: Federal Deposit Insurance Corporation FDIC See Federal Deposit Insurance Corporation (FDIC). . According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the Federal Trade Commission, about 5% of recipients fall for the scheme and give information away. Phishers wish to irrationally alarm recipients into providing sensitive information without thinking clearly about the repercussions repercussions npl → répercussions fpl repercussions npl → Auswirkungen pl . Victims might be told someone has stolen their PIN and they must click on the provided link to change the number. At the linked site, victims see an exact copy of a site they know and trust. They enter their account number and PIN and a return response shows that the site is temporarily down due to maintenance or some other satisfactory-sounding excuse so they will not try to initiate a connection to the real site. It sometimes takes several weeks to realize a crime has been committed. Meanwhile, victims are hooked and the phisher uses the information to purchase goods, apply for new credit cards or steal their identity. There are several free products that fight phishing by disclosing whether the Web site you contact is legitimate: * Netcraft Toolbar A row or column of on-screen buttons used to activate functions in the application. Many toolbars are customizable, letting you add and delete buttons as required. Toolbars may be fixed in position or may float, which means they can be dragged to a more convenient location in the (http://toolbar. netcraft.com) works in both Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. and Firefox. * Cloudmark Safety Bar (www.cloud mark.com/products/safetybar) only supports Internet Explorer. * Mozdev.org TrustBar (http://trustbar. mozdev.org) works only in Firefox. * EarthlinkToolbar (www.earthlink. com/software/free/toolbar). Microsoft also recently announced it is adding antiphishing features to Internet Explorer 6 and subsequent versions. The new phishing filter, which will require Windows XP SP2, will be available shortly in a beta version. PROTECTION TIPS As the use of financial transactions on the Internet becomes more pervasive, con artists will continue to develop new and more sinister ways to trick victims. Here are ways to protect yourself: * As a general rule, never e-mail personal or financial information. * Never respond to requests for personal information in e-mails. Banks, the IRS An abbreviation for the Internal Revenue Service, a federal agency charged with the responsibility of administering and enforcing internal revenue laws. and legitimate businesses never ask for such information through e-mail. If you are tempted to respond, call the company instead. * If you initiate a transaction that calls for personal or financial information, confirm that the Web site is secure by checking for a lock icon on the browser's status bar or a URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. that begins https (the s stands for secure) instead of http. * Be aware that phishers are able to forge a security icon only when they initiate an e-mail, which is why you never should reveal information in response to a received e-mail. * Check credit card and bank statements as soon as you receive them for any unauthorized charges. If your statement is late by more than a couple of days, call the company or bank to confirm your billing address and account balances. * Use antivirus software and keep it current. Use a firewall if you have a broadband connection. * Report suspected abuses to the antiphishing network authorities at reportphishing@antiphishing.org and to the company that's being spoofed. If you suspect your personal information has been compromised or stolen, be sure to promptly contact the Federal Trade Commission and the identity theft Web site at www.consumer.gov/idthe ft. Phishing is the latest crime of the 21st century: Understanding the techniques and technologies phishers use can help you protect against them. AICPA AICPA See American Institute of Certified Public Accountants (AICPA). RESOURCES Conference Technology Conference June 11-14, 2005 Hilton, Austin, Texas CPE (Customer Premises Equipment) Communications equipment that resides on the customer's premises. CPE - Customer Premises Equipment Information Security: Critical Guidance for CPAs in Public Practice and Industry (# 732450JA). (Also available as a public seminar or as on-site training. For more information, visit www.aicpalearning.org/ public_seminars.asp). To order or to register go to www.cpa2biz.com or call the Institute at 888-777-7077. Steven C. Thompson, CPA, PhD, is the McCoy Professor at Texas State University, San Marcos, and webmaster for the American Taxation Association. His e-mail address is taxman@txstate.edu. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion