Phishing (or email fraud) is one of the fastest growing online frauds today. Phishing uses spam email to defraud victims. Phishing is becoming increasingly common – and increasingly dangerous.
Phishers send out emails falsely claiming to be a legitimate company in an attempt to scam users into surrendering private information that will be used for identity theft. The email directs the user to a website where they are asked to update personal information. This can include usernames and passwords, credit cards, Social Security, bank account numbers and other sensitive information that the legitimate organization already has on file.
This website is bogus even though it looks identical to the legitimate site. Once you have updated your data, the phishers steal your identity and run up bills in your name or use the information to commit other crimes.
A common phishing technique involves creating the impression that there is an immediate need for personal information, luring unsuspecting users to quickly click on a link to these bogus sites. By spamming large groups of people, phishers can convince up to five percent of email users to reveal sensitive and personal information.
Even Scarier – Spear Phishing
A step up in complexity is spear phishing, where phishers gather information about you or your company and use it to make the email seem even more legitimate.
For example, several Bower Web Solutions customers have received emails purporting to be from us requesting email passwords. How did they get this information? Most likely by looking up your domain on public WHOIS directories to determine where your DNS was hosted, much like old-school telemarketers used the phone book to get your name and address before calling you.
Spear phishing emails can get quite sophisticated, looking like legitimate vendors or clients.
Email Fraud Prevention Tips
One of the easiest ways to protect yourself from phishers is to take simple precautions:
- Do not respond to unsolicited emails that ask for any personal information regardless of how urgent the request appears. Legitimate companies do not ask for personal or sensitive information in this format. If you are concerned about your account, contact the company directly using an email address or phone number that you know is legitimate.
- Do not email any personal or financial information. If you initiate a purchase online, look for indicators that the site is secure, e.g. a lock icon or a URL that begins with “https:” (the “s” stands for secure).
- Review your credit card and bank statements as you receive them to ensure that all transactions are legitimate.
- Get spam and antivirus protection such as Bower Web Solutions’ Email Defense product. The same methods used to detect spam can identify phishing emails and filter them out of inbound email to stop you from receiving them. Contact us for more information.
- Report anything suspicious. Contact the legitimate company in the suspect email using an email address or phone number that you know is correct.
- Information about known attacks is available from, and suspected phishing can be reported to, the Anti-Phishing Working Group.
Think You Have Been “Phished”?
If you believe that you responded to a phishing email and provided sensitive and personal information to a bogus website:
- Contact the legitimate company in the suspect email using an email address or phone number that you know is correct.
- Contact your credit card company and request that a fraud alert be placed on your card(s).
- Take preventative action for the future through awareness and by investing in an anti-spam and anti-virus service.