Phishing (or email fraud) is one of the fastest growing online frauds today. It uses spam email to defraud victims. Phishing is becoming increasingly common – and increasingly dangerous.
Phishers send out emails falsely claiming to be a legitimate company in an attempt to scam users into surrendering private information that will be used for identity theft. The email directs the user to a website that asks them to update personal information. This can include usernames and passwords, credit cards, social security, bank account numbers and other sensitive information that the legitimate organization already has on file.
This website is bogus even though it looks identical to the legitimate site. Once a customer has updated their data, the phishers steal their identity and run up bills in their name or use the information to commit other crimes.
A common phishing technique involves creating the impression that there is an immediate need for personal information, luring unsuspecting users to quickly click on a link to these bogus sites. By spamming large groups of people, phishers can convince up to five percent of email users to reveal sensitive and personal information.
Even Scarier – Spear Phishing
A step up in complexity is phishers who gather information about you or your company and use it to make the email seem even more legit.
For example, several Bower Web Solutions customers have received emails purporting to be from us requesting email passwords. How did they get this information? Usually just by looking up your domain on public WHOIS directories to determine where your DNS was hosted. This is much like old school telemarketers who used the phone book to get your name and address before calling.
Often spear phishing emails will be copies of legitimate emails from vendors or clients with only a few links or details changed.
Email Fraud Prevention Tips
One of the easiest ways to protect yourself from phishers is to take simple precautions:
- Do not respond to unsolicited emails that ask for any personal information regardless of how urgent the request appears. Legitimate companies do not ask for personal or sensitive information in this format. If you are concerned about your account – contact the company directly using an email address or phone number that you know is legitimate.
- Do not email any personal or financial information. If you initiate a purchase online, look for indicators that the site is secure, e.g. a lock icon or a URL that begins with “https:” (the “s” stands for secure).
- Review your credit card and bank statements as you receive them to ensure that all transactions are legitimate.
- Get spam and antivirus protection such as Bower Web Solutions’ Email Defense product. Good spam programs also identify phishing emails and filter them to stop you from receiving them. Contact us for more information.
- Report anything suspicious. Contact the legitimate company in the suspect email using an email address or phone number that you know is correct.
- Information about known attacks is available from the Anti-Phishing Working Group, and suspected phishing can be reported to it.
What to do if You Were “Phished”?
If you believe that you responded to a phishing email and provided sensitive and personal information to a bogus website:
- Contact the legitimate company in the suspect email using an email address or phone number that you know is correct.
- Contact your credit card company and request a fraud alert on your card(s).
- Take preventative action for the future through awareness and by investing in an anti-spam and anti-virus service.