'Phishing' for Suckers: Two Things You Should Look For In An email

"For Your Immediate Attention! Don't Lose Your Account! Update Immediately!"

Bob opened the email and was confronted by the logo of one of his major credit card companies. He had been carrying the card for some time, and had used it for a lot of online purchases.

Understandably he was concerned with the message under the logo: "Due to online identity theft, we need to verify that the information in your account is accurate, or we will be required by the FTC to suspend it."

Below was an itemized list of the information he was required to verify: his old account number, name, address, telephone number, social security number, and mother's maiden name. The also wanted him to change the password to his account.

Panicked, Bob hit the reply button and started filling in the information. He didn't want to lose that account. He had set up several online accounts using that credit card number, and used it to buy and sell in online auctions...

THE "PHISHERMEN" AND THEIR HOOKS

"Phishing" is a technique used by identity thieves to stampede people into giving out their credit information online. The scam has been around for awhile, and, unlike Bob, most people are aware that they should never:

- Be intimidated by a message found in an "authentic looking" email

- Reply by giving vital information to the "phishers"

- Open up any links contained within the email, which can download "criminalware" onto their computer.

We all know these facts intellectually, but when confronted by an intimidating message, many of us react emotionally, not rationally. Maybe I'm more easily intimidated than most, but I've found myself opening an email and feeling compelled to fill out the information the message demands.

I have to confess an incident that occurred when I almost did that very thing. In my own defense, however, I have to say that it happened before I'd ever heard the term "phishing". Fortunately I became suspicious before hitting the "Send" button.

But I almost did it. I almost sent it off and thereby hanged myself.

THE LAKE IS GETTING CROWDED

Although the public is becoming savvier to this scam, the "phishermen" must be experiencing success because the Anti-Phishing Working Group, http://www.antiphishing.org/ reports that phishing incidents are on the upswing.

They list 28,571 consumer reported incidents in June 2006, almost double the reported numbers in June 2005.

More suckers are being "phished" than ever before, and as every honest fisherman knows, there is no bag limit on suckers.

HOW TO IDENTIFY LEGITIMATE EMAILS

Of course, the best thing to do when asked for vital information by someone purporting to be a legitimate credit card company or other institution is to call the company on the telephone and ask if the email in question does indeed come from them. Then, if it has, go to that site to change your information.

But there are a couple of "quickie" things you can look for in the email itself, which you should do if you are alarmed by the message and tempted to jump.

1. Check the "From" Address to see if the address is correct. It should come from a top level domain, i.e. ebay.com, not a sub domain such as ebay.security.com. A sub level domain can be obtained on line for free, and is not something a legitimate company would do.

2. Make Sure the "digital signature" is valid.

KNOW YOUR DIGITAL SIGNATURE

I donâ€t know if you're like me, but my eyes glaze over when somebody mentions the words "digital signature".

Basically, it's just an electronic means of verifying that the email you received:

- Has originated from the source it claims to come from

- Hasnâ€t been intercepted and repackaged on the way.

An email that is "digitally signed" has a little red icon down in the lower left hand corner in the 'To...From' box.

Click on that icon and you can find information about the sender. Be sure your email client is "S/MIME" compliant. "S/MIME" compliancy is supported by over 350 million email clients, including Microsoft Outlook, Lotus, Novel, Netscape and MacMail.

As noted on the antiphishing site, this is unspoofable for two reasons:

- It is strongly encrypted.

- It is generated when you open the email, not at the source

The email client has validated four things on receiving this email:

1. The email address in the "From" field matches the one in the digital certificate.

2. The certificate was issued by a trusted authority.

3. The message wasn't tampered with in transit.

4. The certificate itself has not expired.

To put it simply, the certificate makes sure the email has indeed come from who it says it has come from, and hasn't been tampered along the way.

To see what the certificate looks like, check out:

http://www.antiphishing.org/smim-dig-sig.htm

THREE WAYS TO PROTECT YOURSELF.

There are three good ways you can protect yourself from "phishermen".

1. Call the company they supposedly represent. Don't respond to alarming statements demanding personal information online.

2. Don't open any links in the email. They can download "criminal ware" that can start gathering vital information off your computer.

3. Don't open suspicious emails unless you have an "S/MIME" compliant email client and can view and open that digital icon.

LOOKING FOR SUCKERS

The phishermen are out there and still looking for suckers. Based on the rise in reported incidents they are still finding them. Armed with a little knowledge and a healthy awareness, you won't end up in their "game bag".

You definitely don't want that... because the next stop is the frying pan.

Copyright 2006 John Young

Listed below are more articles related to the above article from the "Identity Theft" article category.

People interested in the above article "'Phishing' for Suckers: Two Things You Should Look For In An email" are also interested in the related articles listed below:

Online Reputation Management and Identity Theft Protection

Reputation is most important in anyone’s life. People generally do not bother or do not know about Internet Reputation Management and when they realize that someone has defamed them by posting an obscene video on Youtube or by publishing an article on the internet, it is too late and nothing could be done to take them out from net. It can be costly and difficult to investigate and take legal measures against the offender. If you know who the offender is, probably you could save your online reputation but not before the press adding spice to the news and creating a controversy. The whole world comes to know why you are defending yourself.

What is Identity Theft?

What is identity theft? Identity theft is a crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. Identity theft even sounds scary, doesn't it? Well, it can be! The good news is - you can take steps to protect yourself. Learn how to recognize and avoid identity theft. And... what to do if you become a victim of identity theft!

Computers and Consumers - Understanding and Avoid Identity Theft

The Internet has given over a billion people, worldwide, a way to instantly find information. The number of threats to a consumer’s security increases as the consumer connects with more computers, companies, and people online. The Federal Trade Commission says that all Internet users should understand the importance of online security and should take measures to protect themselves.

Providing You With Effective Technologies And Ways To Fight Privacy Theft

Identity theft is fast rising up on the list of crimes being committed in the US. Last year’s identity theft statistics state that almost 9.5 million Americans became victims of privacy theft, collectively suffering a loss of almost five billion dollars. Anybody can become a victim of privacy theft and in a day and age where information is already easily available, it is extremely important that you take all kinds of precautions to prevent identity theft.

Identity Theft

Do you own a computer without a keyboard? Do you own a home without electricity? Of course not, so why do so many people have credit cards and social security numbers without identity theft protection? It's the same thing as having a car without wheels. One can not function properly without the other. It just can't. Even the cave men eventually learned not to make fire without water or something to put it out with...

How to Prevent Identity Theft

identity theft is a serious crime, yet it's very rampant especially in the United States, based on statistics almost 9 million Americans are victims of identity thievery. This crime can take many forms and may result to varying degrees of damage from simple to catastrophic.

Fraud Alerts Combat ID Theft! - Is That Your Final Answer?

Overviews the initial and extended fraud alerts and points out the pros and cons of each when instituted to combat consumer identity alerts. Recommends the consideration of contracting the professional abilities of a credit watch service.