One of the most common methods of obtaining personal information to be used in Identity Theft is called “phishing” (or “spoofing”). The Federal Trade Commission and the FBI have both issued warnings regarding this practice. They have indicated that there is a growing number of Internet criminals who use this method to steal information from the unsuspecting.
Jana Monroe, Assistant Director for the FBI’s Cyber Division issued a related press release. In it, she warns that “bogus emails” are currently the hottest scam on the Internet. These emails are designed to gather personal information from their victims.
Phishing scams can range from a simple letter to a sophisticated imitation “customer service” website. There has been a steady increase in the number of complaints to the FBI regarding unsolicited fraudulent emails. These emails will attempt to link consumers to phony websites that will ask for sensitive account information. Here is an example:
Sent: Tuesday, November 15, 2005 11:18 PM
Subject: Important – Account Verification
Dear eBay User,
We have sent you this email because we reasons to suspect that your eBay account has been
compromised. To prevent subsequent fraudulent account activity, we will conduct an investigation regarding this serious matter.
Per the eBay User Agreement, Section 9, we must immediately issue a warning, temporarily suspend, or terminate your membership if we believe that your account actions may result in financial loss or legal liability for you, our users or eBay. We may also be required to take these actions if we are unable to authenticate any information that you provide to us.
If your account information is not updated within the next 48 hours, then we will assume this account is fraudulent and it will be suspended. We apologize for this inconvenience, but the purpose of this verification is to protect you and ensure that your eBay account has not been illegally used and to combat fraudulent practices.
Please login into your account using this link, which is an SSL secured connection:
Safe Harbor Department
An unsuspecting eBay user who receives this type of email may not understand the dangers involved. By clicking on the link provided in the email, they will be led to the scammer’s website. The website, itself, will be designed to look like an authentic eBay customer service website. The website will then request information such as user name, password, credit card information, etc. This personal information can then be used for identity theft.
Assistant Director Monroe points out that an email “spoof” will contain a header that closely resembles one from a legitimate source. This is done to get the recipients to open the email and possibly respond. The most effective way of spoofing involves gaining unauthorized access to a computer. In this way, a phishing email can be sent with an IP address that appears to come from a trusted source. However, the link at bottom of the letter will be altered in order to send it to the hacker’s address instead of a legitimate site. The hacker will ensure that if someone clicks on that link, they will be led to a site that closely resembles a legitimate one. Then there is a good chance that the victim will input the requested “update your account” information.
• An actual request for updated information is never legitimately done by providing a link in an email to click on. Beware of those that do.
• If you need to update your account information, go directly to that company’s main website and sign in.
• An unfamiliar website address is most likely a fake. Always go to the address you have used before and open your normal homepage.
• Report suspicious email to your ISP.
• Use secure websites when doing business online. A secure site will have https:// (note the ‘s’ in front of http) in front of the page’s website address. You can also look for the lock that will be located at the bottom of the browser.
• Most legitimate sites will have short URL addresses (usually with .com or .org at the end). Fraudulent sites will likely have long addresses with the name of the legitimate site buried in the middle.
• You can send a questionable URL directly to the main company and ask about its legitimacy.
• If you are a victim of fraud, contact your local authorities. You should also file a complaint with the FBI’s Internet Fraud Center