Taking the bait.

Byline: Joe Mosley The Register-Guard

It doesn't take a genius to realize that "Mr. Chris Herbert" may be something less than the real deal.

His e-mail explains that as the accountant of a renegade oil company in Nigeria, he has sole access to $35 million in ill-gotten and untraceable profits. All he needs is a trustworthy and discreet partner to receive the money in another country and hold it for him; in return, he is willing to hand over $10 million.

Mr. Herbert is a cyberscam dinosaur. His version of the Nigerian money transfer fraud is laughably transparent, almost charmingly naive.

But what about an e-mail from your bank, directing you to a corporate Web site to update your account information? What about the one from your Internet service provider, informing you that your credit card has expired and pointing you to a Web form to re-enter its number?

That's "phishing," in the language of computer geeks and cyber cops. And the folks dangling the lines are far more sophisticated than Mr. Herbert.

The con artists on the other end of these lines are trying to hook into sensitive personal information - bank or credit card numbers, Social Security numbers, PIN numbers and online account passwords, for instance - that they can use to cash in on their victims' good names and credit ratings.

"If (a victim) has a retirement account, savings and a Visa - a few minutes and a few mouse clicks later, and $40,000 or $50,000 in each account, it's all gone," says Rob Brunner, securities investigator for the Oregon Department of Consumer & Business Services.

"You have to figure, how many people fall for it?" Brunner says. "And how many do (the swindlers) have to get to be successful? It can add up pretty quick."

The U.S. Department of Justice has recently launched a coordinated counterattack on current Web-based fraud cases that have cost an estimated 150,000 victims a total of more than $215 million. That's up from the 48,000 victims and $54 million that was lost to such scams in all of 2002, the most recent year for which such figures were compiled by the Internet Fraud Complaint Center, a partnership of the FBI and the National White Collar Crime Center.

While those figures include all forms of online fraud - from Nigerian money transfers to online auctions in which either the buyer or seller has been stiffed - phishing scams currently make up somewhere between 5 percent and 10 percent of the cases.

And the "phishing" attacks are growing exponentially in number, as well as in sophistication and deceptiveness.

The Anti-Phishing Working Group - a collaboration of banks, online businesses, technology companies, law enforcement agencies and others - counted a monthly total of 116 new and unique phishing attacks just last December. The number then increased an average of 50 percent each month through July - the most recent month for which figures are available - when a total of 1,974 new phishing scams were reported.

The Anti-Phishing Working Group estimates that phishing scams generate responses from as many as 5 percent of those who receive the e-mails.

"We know of dozens and dozens of victims of phishing sites," says Kevin Neeley, a spokesman for the Oregon Attorney General's Office.

"If you've been victimized, the chance of getting any kind of justice is virtually zero," Neeley says. "These con artists are fly-by-night, and oftentimes they operate from overseas. Their operations are sophisticated, they're international and they're successful."

Online fraud has gotten the attention of Congress, which is expected to adopt the Internet Spyware Prevention Act this year and provide the U.S. Justice Department with $10 million to beef up its fight against phishers and other online crooks.

The classic case of a phishing scam is an unsolicited e-mail purporting to be from a credit union or bank, a credit card company, an Internet service provider or an online business such as eBay or Paypal. Typically, the e-mail includes a link to a fake Web site - one that is designed to look as much as possible like the real thing, but that in fact is operated by a phishing scammer.

You want audacious? How about the phishing e-mail that circulated in July, purporting to be from the FBI's own Internet Fraud Complaint Center. It said that investigators were on the trail of an individual with whom the e-mail recipient was believed to have made a transaction, and asked the recipient to conduct another financial transaction as a means of helping to catch the man.

On the same level is a September e-mail purporting to be from the Federal Deposit Insurance Corp. and asking recipients to follow a link to a "secure" Web site to register their credit and debit cards in a new, anti-fraud screening program.

But the object of any of the phishing frauds is to trick consumers into divulging personal financial data - access codes and the like - which are then used to steal money from the victims' accounts.

The banks and other institutions that hold victims' accounts are actually the big losers, because consumers are generally protected by liability limits. Those e-commerce businesses also stand to lose credibility, as phishing scams become more and more realistic and customers become ever more gun-shy about making online transactions.

"That's the more serious issue, from my perspective - how (phishing attacks) might undermine consumer trust in the Internet," says Bill Rosenkrantz, a group product manager working on Internet security issues with security software company Symantec Corp. in Los Angeles.

"I personally love to not have to go stand in line at banks," he says. "But both consumers and institutions are concerned. A lot of institutions have built their business on (Internet transactions)."

Rosenkrantz says there are several steps that can be taken to minimize exposure to phishing scams, including regular changing of account passwords, periodic updates to a computer's operating system - whether Windows, Macintosh or other - and use of computer programs that provide a range of Internet security features.

Symantec offers Norton Internet Security, for instance, but Rosenkrantz says similar programs by other software makers work in much the same way. Most such programs include anti-spam and anti-virus features to filter out harmful e-mails, and spyware detection mechanisms that search for illicit data-collecting programs that can be slipped into a computer via either e-mail or Internet downloads.

"All of them will significantly decrease the risk, but I also will say that because the risk is extremely new, none of those (programs) is completely optimized," Rosenkrantz says. "None of those solutions, without using the best practices, is bulletproof."

And he has a good guideline for what constitutes best practices in dealing with questionable e-mails.

"If someone calls your house and says, 'I'm from Bank One, give me your account number,' I don't think anybody's going to do that," he says. "Just take that same kind of common-sensical approach."

Mike Morrow, senior agent in charge of Eugene's FBI office, points out that most phishing e-mails seek information that legitimate businesses or institutions would never ask. And he believes that if computer users step back and consider a questionable e-mail before responding to it, most will recognize it for what it is.

"Yes, they have become more sophisticated," Morrow says. "That's where people just have to realize, institutions are not going to be asking those kinds of questions because they have that information (such as account numbers) already."

E-MAIL PHISHING: DON'T TAKE THE BAIT

Various organizations and agencies have suggestions on how to avoid being hooked by con artists "phishing" for your personal information - and what to do if you suspect someone is angling for your banking, credit card or other data.

Be suspicious if anyone claiming to be from a bank, online retailer (such as eBay), credit card company or government agency e-mails you and asks you to confirm personal information such as account numbers, PIN numbers, passwords, Social Security numbers or even your mother's maiden name. If such a business or agency legitimately needs to have such information, it already does.

Be leery of e-mails claiming you've been the victim of a fraud, or that your account information needs to be updated or confirmed. All are common phishing ploys that attempt to gain access to people's accounts through fraudulent Web sites.

Don't click on a link in any e-mail that asks for personal information. It may take you to a phony Web site that could look like the site of a real company or agency. Instead, type an institution's URL into your Web browser yourself.

Look for spelling or grammatical errors, which are common in phishing ploys that originate in foreign countries.

If you follow an e-mail link to a Web site, look closely at its URL - it may contain the name of a legitimate institution, but in phishing scams the name often follows a sequence of other words or numbers.

Don't respond to e-mails that request personal information, especially those that use pressure tactics or fear - such as your account may be terminated if information is not updated immediately. Use the phone to find out whether the request is legitimate.

Lower your vulnerability to phishing scams by adding firewalls or security software to your computer - such as anti-virus, anti-spam and spyware detection features.

Conduct online financial transactions only on secure Web pages that use encryption (look for a closed padlock in the status bar, and make sure the URL starts with "https" instead of "http"). Some phishers have created fake Web sites that appear to have padlocks. To find out if a padlock is legitimate, click on its icon to see the security certificate; it should say it's issued to the institution you intend to be dealing with.

Always check your monthly account statements to verify all transactions are legitimate, and that the company has current contact information for you.

If you have been the victim of a phishing attack, report it immediately. If you believe a bank, credit card or investment account has been jeopardized, contact the institution. If you believe your personal data has been stolen, visit the Federal Trade Commission's Identity Theft Resource Center at www.consumer.gov/idtheft/index.html for information on how to file a complaint and control damage.

You may report the scams to the FBI's Internet Fraud Complaint Center at www.ifccfbi.gov, or to the Anti-Phishing Working Group - a group of banks, credit card companies, online retailers and government agencies - at www.antiphishing.org.

- Source: National Consumer League