What is Phishing?

by Inetplanet Webmaster

Phishing is a term applied to scams designed to get computer users to provide private information that can be used to swindle the user. These fraudulent schemes often appear in the form of an email message; supposedly from some company the users trusts like a bank or credit card company.

In this type identity theft scam, the user receives an email usually bearing the logo for a bank or creditor. The email tells tries to trick the user into supplying information such as account numbers, passwords, pins, social security numbers, and so on. The email may appear quite legitimate. Sometimes email address "spoofing" is used to make it look like the email actually came from the creditor.

One can avoid falling for these schemes by understanding that creditors to do not normally request this type of information, especially in an email message. Typically, the perpetrator of this scam warns the user that someone may have accessed their account fraudulently, and that the user must log into the company's web site immediately to confirm account information and/or avoid charges. The link provided in the email actually takes the user to an impostor web site used to steal the private data. One way to detect this trick is to point to, but not click on the URL (web address) text in the email message. Most web browsers and email programs will display the actual destination in the status bar at the bottom of the screen. In doing this the user will likely notice that the name of the web site is not Kosher.

Inetplanet has received complaints from clients who have received these type of email messages trying to gather information for account holders of Chase Bank, Bank of America, PayPal, Citibank, Ebay, and others. It's quite obvious when one gets hit with a phishing email for some company that the user does not do business with. If, on the other hand, the user actually has an account with the firm mentioned in the message, there is a strong inclination to take it at face value. The moment of panic that occurs when one believes that their account security has been breached overshadows the user's skepticism.

The following is a legitimate warning from Chase Bank concerning these scams:

Dear Valued Customer, We want you to be aware of e-mail scams that attempt to steal your personal and/or account information. Known as "Phishing," these scams consist of an e-mail that looks like it came from Chase (complete with the Chase logo) and usually takes an urgent or demanding tone. It is not our practice to send - and you should never respond or reply to - e-mail that: Requires you to enter personal information directly into the e-mail or submit that information some other way. Threatens to close or suspend your account if you do not take immediate action by providing personal information. Solicits your participation in a survey where you are asked to enter personal information. States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information. States that there are unauthorized charges on your account and requests your account information. Asks you to enter your User ID, password or account numbers into an e-mail or non-secure webpage. Asks you to confirm, verify, or refresh your account, credit card, or billing information.

Users who receive phishing emails should delete the message without clicking the links contained in the email. The email can be forwarded to the Federal Trade Commission for fraud investigation at spam@ftc.gov or to the institution being impersonated for investigation purposes. Phishing schemes can also be reported to reportphishing@antiphishing.org.

	Enter your search terms Submit search form
	Web www.iNetPlanet.net

Security Help Center Home

© Copyright 2007 iNetPlanet, llc