Phishing schemes still causing problems
December 7, 2005
During the middle of last year, we wrote about the threat of phishing schemes, where bad guys send e-mails to unsuspecting recipients falsely claiming to be legitimate companies in an attempt to trick the reader into visiting a bogus website. Once there, they’re asked to provide social security numbers, credit card numbers or bank account information that can be used in identity theft. Until recently, the growth of the schemes has averaged 26 percent per month, according to Anti-Phishing Working Group, though growth is slowing. Having written about this subject in the past, I should’ve known better when I received a particularly clever phishing e-mail. The e-mail supposedly came from PayPal and warned that my account would be suspended if I didn’t update my credit card expiration date. What made the e-mail so compelling was that it included the last four digits of my credit card. Furthermore, this credit card was indeed about to expire. Knowing this, I decided I better take action and visit PayPal to update the information. Out of caution, I guess, I logged into the PayPal site directly instead of clicking through the link. I looked for my credit card information and realized that I had never even put my card on file with PayPal!
While I avoided being duped, I still found the e-mail compelling enough to spur me to action. Scary. Given the growing sophistication of these schemes, we felt it was time for an update on the threats.Schemes become more sophisticatedPhishing schemes have become far more sophisticated and difficult to spot, and experts fear that future attacks could be so well-executed that users could unknowingly end up on a bogus site and have no easy way of even discovering they’ve done so.
If there is one thing you should always remember, it’s never to give personal information when prompted by e-mail, or even when landing on a site you’re familiar with. Always initiate the process yourself from a “fresh browser page” and by visiting a site directly. For more complete information on how to avoid getting hooked, check out http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm. Microsoft also offers great information on all these threats at http://www.microsoft.com/athome/security/privacy/default.mspx.You can also e-mail email@example.com.