How does phishing work? What is phishing?
The term phishing (FISHing) refers to a scam in which thieves attempt to steal victims’ personal financial information. Most often the scammer sends an e-mail to thousands of people asking for information such as Social Security numbers, credit card numbers, bank account numbers, and personal identification numbers (PINs). Although it seems obvious, the trick to phishing is creating a counterfeit copy of the Web site of a trusted financial or other company, to which the unsuspecting consumer is directed. The subjects of these e-mails are often “Account Information Update Required” or other phrasing that suggests that the account with the “spoofed” company has been compromised or will be canceled. The counterfeit Web sites record the data entered by the victim, and scammers can then use this information to commit fraud and steal the victim’s identity by charging purchases and opening new accounts.
Where did the term phishing come from?
The term phishing (FISHing) was coined because thieves are fishing for your personal financial information. They send out thousands of lures and hook only a few victims. The “ph” comes from a common hacking term. The first type of hacking was called “phreaking.” In the mid-1990s, America Online accounts were some of the first hacked accounts and were called “phish”. These phish were treated as a form of currency where scammers could trade phish for hacking software.
What is spoofing?
Spoofing is when something on the Internet, usually an e-mail or Web site, pretends to be something it is not. Typically, it is a technique used to gain unauthorized access to computers, whereby the intruder hijacks a target’s root Internet address (known as an Internet Protocol or IP address) to make it appear as though fraudulent e-mails are from a trusted source. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify its identifying information on the Internet. Spoofers can be anyone. They can be ordinary criminals out to steal money, competitors trying to cripple your business, disgruntled employees or irate customers. Attacks can be personally motivated or simply random. Spoofing of a bank Web site is nothing more than just another attempt to rob the bank.
Are people falling for phishing scams?
Because most people have grown increasingly aware of this scam, most phishing e-mails are deleted. However, the sheer quantity of attacks has increased, thus reaching more victims – and the technology the criminals employ has become more sophisticated. Overall, the number of successful attacks is small in comparison to the number of e-mails that are sent out each day as lures. Yet, it’s still important to note that roughly 3 percent to 5 percent of people who receive phishing scams take the bait.
How do you know if an e-mail or phone call is “phishy”?
If the e-mail or phone call you receive is unsolicited and from a company with which you do no business, you know it is a scam. If you receive an unsolicited e-mail or phone call from a company you hold an account with, you know it’s a scam if they ask for personal information the company should already have on file about you. Remember, First Landmark Bank will never ask for personal information by e-mail. If you’re still not sure about the legitimacy of an e-mail, call the company at a phone number you know to be accurate.
What should you do if you’ve given personal information to phishers?
Act immediately. Contact your bank and any companies you deal with and make them aware of the problem as well. Check your bank and credit card statements and contact all credit reporting agencies, such as Experian, Equifax, and TransUnion if appropriate. Change all of your online user names and passwords associated with personal accounts.
How do phishers get your e-mail address?
Phishing e-mails are essentially dangerous spam. Spammers utilize a variety of techniques to gather e-mail addresses – Web sites, newsgroups, guesswork and list trading. These are the same methods used by phishers. Phishers do not gather e-mail addresses from bank records; unfortunately, one common misconception by consumers is that their bank actually provided the criminals with their names and e-mail addresses. This is simply not the case.
How do I report a phishing attack?
The Internet Crime Complaint Center and the Anti-Phishing Working Group register phishing scams and are a good resource for more information on what to do if you’re a victim of phishing.
What is pharming?
Pharming is a scam that often relies on infected, hacked, or otherwise compromised computers. Once a computer has been compromised, customers attempting to navigate to a legitimate bank’s Web site will be re-directed to a spoofed Web site. This can be accomplished in a number of ways. A virus or malware on a PC can re-route a customer to a spoofed Web site even when the customer has directly entered the address in their browser. Domain Name System (“DNS”) cache poisoning (altering DNS re-routing) by phishers causes customers to be re-directed by the Domain Name System. DNS addresses are text, such as ‘www.google.com,’ but are translated into numeric addresses. Pharmers attack the translation process and redirect your computer to the scamming IP address and Web site. The sites will likely look similar and the information you enter will be sent to the scammer, not to your trusted site.
What is Malware?
Malware (malicious software) is software that is surreptitiously installed on a private computer’s hard drive and is designed to harm or take unauthorized control over a computer system or to steal the data it contains. Malware is often distributed as an attachment to spam and phishing e-mails. When a customer reads the e-mail, they unknowingly install the malware on their computer. Numerous terms are used for different types of malware, usually based upon how they spread and what they are intended to do. Computer viruses, Trojans, and worms can all be used to install malware on a vulnerable computer. Monikers such as spyware, adware, key loggers, and back doors refer to the goal of the malware. Some malware attacks attempt to capture the actual keystrokes entered by an individual on their computer’s keyboard. The primary purpose of malware is to steal private information that can be exploited in some way.
What can be done to stop phishing?
Phishing can be combated by educating customers, installing fraud detection software, and working with industry coalitions. These coalitions, along with law enforcement agencies at local, state, federal and international levels, are working together to find phishers, shut down their Web sites and prosecute them to the full extent of the law. Since these anonymous scammers are so elusive – and often based outside the United States – consumer education is extremely important. The more people know about phishing and other identity theft scams, the fewer victims will be affected by these scams.
Is online banking still safe despite phishing and pharming?
Online banking is a safe and effective way to manage your money; however, just as you would not share your financial information with a stranger who knocked at your front door, so should you be guarded when online. Treat unsolicited e-mails asking for information with extreme caution and do not click on links within e-mails. Go to the Web addresses you know to be accurate and confirm that the sites you are visiting are secure – shown by a padlock in the bottom right corner or “https” at the beginning of the Web address. Also, make sure your computer’s security software is current and that you download the most recent updates.