It usually starts with an email that shows up with an urgent and scary message telling you that your account might be closed or that some important personal data has been lost by an organization you do business with. It's called "phishing" with a "ph." Despite the cute name, it's a very nasty thing indeed.
Phishing, as in phishing for information, is what happens when someone pretends to be an organization you do business with and tries to get you to share private or personal information. That could be social security numbers, account numbers, passwords and anything that the bad guy can use to steal your money or your identity.
Identity theft costs folks like you and me $60 billion a year and phishing is number one on the bad guy's hit parade as a way to get your information. Phishing isn't good for business, either.
When a phisher impersonates a bank and then cons bank customers out of their personal information, the bank pays to the tune of $100,000 to $150,000 per incident. That's just the cost in money. There's a reputation cost, too..
Phishing began on AOL in the mid nineties. AOL charged by the minute back then and phishing was probably invented by someone who wanted to spend lots of time on AOL, but didn't have enough money to pay the bill. Solution: get someone else to give you their password.
Phishing was pretty simple then and mostly used instant messages. Later phishing schemes used email, though, in the beginning, really awful language was often a tip-off that the email wasn't legitimate.
Today, things are a lot more sophisticated. You might get an email that purports to be from your bank, complete with what looks like a valid email return address. The message says that something bad will happen to you if you don't respond.
A link is provided to take you to a Web site where you can enter the information and set things right. The Web site you wind up on may look a lot like your bank's site, but it's really a front that some criminal or criminal organization is using to collect sensitive personal and private information from unsuspecting account holders.
Those emails and the Web sites have been getting more sophisticated lately. And the number of new phishing messages is increasing by more than fifty percent a month.
So, phishing is a fact of life if you're on the Net. Here are five tips to help you deal with it and protect yourself and your information.
Tip number 1 - Expect phishing to increase. It's just too easy to do, too potentially lucrative, and too easy for the bad guys to avoid getting caught for anything else to happen.
Tip number 2 - Forget everything you've read about how to check the message headers or the Web link to determine if what you've got is a phishing message. The technology is a moving target and unless technology is your business, you simply won't be able to keep up.
Tip number 3 - Be skeptical. Be very, very skeptical of any email that is urgent or scary and asks you for personal or private information.
Tip number 4 - Remember that your financial institutions and other organizations you trust simply don't ask you via email to verify information, or ask you to go to a Web site and tell them things they should already know. They don't use email to tell you they're going to close your account.
No, my friend, they use postal mail for that. Any email that is urgent or scary and asks you for personal and private information is probably a phishing expedition. You can probably ignore it. But if you don't want to ...
Tip number 5 - If you have any doubt, check it out. Call or email the institution who supposedly sent you that scary email. Just be sure to use a phone number or email address that you've had in your files for a while. Make physical visit if that's convenient.
It's a sad situation, but there it is. Unless you want to be the phish hooked on some criminal's line, you're just going to have to watch out for yourself and avoid grabbing the bait.
19 April 2004
Click here for some resource links on phishing.
Reprinting and Reposting This Column
You may reprint or repost this article providing that the following
conditions are met:
- The article remains essentially unaltered.
- Wally Bock is shown as the author.
- The notice Copyright 2004 by Wally Bock or similar appears on the article.
- Contact information for Wally is included with the article. You may refer readers to this Web site as a way to meet this requirement. Please link to http://www.bockinfo.com/
- Here is the wording we suggest when linking to this site. "The article you've just read can be found on Wally Bock's extensive Resource Web site along with many other articles and resources."
Any other reprinting or reposting requires specific permission which is almost always
granted. Click here to request permission if necessary.
