Phishing/Scamming: Why You Shouldn’t Take The Bait!
One of the primary reasons for the severe increase in phishing/scamming
among individuals and smaller organizations is that online
criminals believe these institutions and people do not possess the
resources, knowledge or employees to protect themselves or respond to a
phishing/scamming attack. Many of the larger banks, retailers and ISPs
have already been targeted and, therefore, have implemented
countermeasures.
According to the Anti-Phishing Working Group (APWG),
a global, pan-industrial and law enforcement association chartered to
eliminate phishing, pharming and e-mail spoofing, phishing attacks have
reached an all-time high. Last November, 16,882 attacks were reported,
up from 8,975 in November 2004. And these attacks do not come without
substantial risks. Victims of identity theft have experienced
everything from having their bank accounts depleted to having hundreds
of credit card transactions falsely charged to them, to having luxury
cars purchased in their name.
How Does Phishing Work?
Phishers do not need access to an organization’s network to implement a phishing
scam. They can simply browse a company’s Web site, grab screenshots of
the customer log-in page and mount a copy of that page onto another
server.
From there, a phisher/scammer can target an organization’s customers,
sending them e-mails (or making phone calls) that appear to be from a
legitimate source and lead the client to the spoofed log-in page, where
they are tricked into revealing confidential account information. Once
the information is entered, the customer is immediately directed back to
the legitimate Web site. Therefore, there is little to alert the customer
that they have been scammed. From the earliest examples, which were
easily detectable (often containing obvious grammatical errors), phishing
e-mails have grown in sophistication and design to the point of being
nearly indistinguishable from the real thing. Phishing/scamming appeals
to a customer’s sense of panic, maintaining that there is an emergency
situation that demands the immediate verification of account
information or the account will be closed.
Although there are
tools available to detect when someone is scanning an organization’s
site and retrieving its graphics, many times the activity is
legitimate. Therefore, security analysts will end up with false
positives. In other instances, phishers are able to dynamically
retrieve the graphics from an organization’s customer log-in page
almost instantly. By the time the company realizes it is being scammed,
a bogus site has already been launched.
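When a bogus page pulls graphics straight from the real log-in page, each victim's browser requests them from the organization's server and typically names the bogus page in the Referer header. The following added example (not from the original article) scans access-log lines for that pattern, with an allowlist to limit the false positives mentioned above. The host names, the /login/ path and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): the organization's
# site is examplebank.test and its log-in page assets live under /login/.
OWN_HOSTS = {"examplebank.test", "www.examplebank.test"}
# Referrers known to be legitimate, to limit false positives.
ALLOWED_REFERRERS = {"www.search.test"}
LOGIN_ASSET = re.compile(r"^/login/[^?]*\.(?:gif|jpg|png|css)$")

# Combined Log Format: ip - - [time] "request" status size "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$'
)

# Constructed sample log lines (documentation-range addresses).
T = "[12/Nov/2005:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.10 - - {T} "GET /login/logo.gif HTTP/1.1" 200 5120 "https://www.examplebank.test/login/" "Mozilla/4.0"',
    f'198.51.100.7 - - {T} "GET /login/logo.gif HTTP/1.1" 200 5120 "http://secure-examplebank.invalid/signin.html" "Mozilla/4.0"',
    f'198.51.100.9 - - {T} "GET /login/style.css HTTP/1.1" 200 900 "http://secure-examplebank.invalid/signin.html" "Mozilla/4.0"',
    f'192.0.2.44 - - {T} "GET /login/logo.gif HTTP/1.1" 200 5120 "http://www.search.test/cache?q=examplebank" "Mozilla/4.0"',
    f'192.0.2.50 - - {T} "GET /login/logo.gif HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
]

def foreign_referrers(lines):
    """Return {referrer host: set of client IPs} for log-in page assets
    embedded by a page on a host that is neither owned nor allowlisted."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m or not LOGIN_ASSET.match(urlsplit(m["path"]).path):
            continue
        host = (urlsplit(m["ref"]).hostname or "").lower()
        # An empty or "-" referrer cannot be attributed, so it is skipped.
        if not host or host in OWN_HOSTS or host in ALLOWED_REFERRERS:
            continue
        hits[host].add(m["ip"])
    return dict(hits)

if __name__ == "__main__":
    for host, clients in foreign_referrers(SAMPLE_LOG).items():
        print(f"{host}: log-in assets loaded by {len(clients)} client(s)")
```

Each client address reported under a foreign host is a visitor who loaded the copied page, which helps in sizing the incident and contacting affected customers.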
Network security
companies also are beginning to see phishers use a combination of
phishing and hacking to launch scams against their clients. Thus, if
one phishing site is taken down, another automatically pops up. In one
particular case, the phishers hacked into 11 computers in 11 different
countries and used them as platforms to host the sites, using
compromised desktops to send fraudulent e-mails.
Unfortunately, phishing scams have evolved to not only target an organization’s
customers, but also their employees. Termed "spear phishing," this type
of scam is designed to wrangle information out of unsuspecting
colleagues so that the phisher/scammer can then access secure areas of
corporate networks.
One recent event targeted executives,
including CEOs, of numerous credit unions across the country. The
messages, appearing to be from a credit union affiliate, asked
executives to confirm that their company was a federally recognized
institution. Recipients who clicked on the link were taken to a Web
page that attempted to download a Trojan horse onto their desktops.
In most cases, anti-virus software blocked the Trojan. If an attack had
been successful, then the phisher/scammer could have potentially gained
access to systems that control thousands of bank accounts, rather than
just one or two.
The VoIP Threat: SPIT
Yet another emerging technology that has the potential to be rife with
phishing/scamming threats is VoIP. As more and more companies and home
users adopt VoIP systems, the potential for phishers to spam
individuals and solicit personal information increases dramatically.
In what is termed spam over Internet telephony (SPIT), a phisher can
literally set up a computer to randomly dial hundreds of phone numbers,
leaving a voicemail message. Through VoIP, this voicemail is automatically
transmitted into the user’s e-mail inbox. When played, the sound file
can appear to be very authentic, making the call-to-action appear
legitimate and thus leading the unsuspecting victim to provide their
bank account or personal information.
How to Protect Yourself
1. If you’re selling products from a Web site, always verify your customer’s identity the old-fashioned way: by talking to your customer and also by calling the actual credit card issuer to make sure you’re selling to the person who is calling you for the sale.
2. If you’re called by anyone and asked to provide personal information over the phone, hang up immediately.
3. Only ship to the actual “verified” billing address.
4. If you have to accept a “check,” wait at least 7-10 days for it to clear prior to shipping.
5. Require wire transfers for all international orders unless you’re able to follow the guidelines in step 1.
6. Be aware that these scammers will often use the telephone company’s “relay service” in order to hide their true accent and/or identity.
7. Be aware of “instant messages” that they use to cause you to ship to another (unverified) address.
8. 80% of these scammers will try to get you to ship to Nigeria (W. Africa) while calling from the UK.
9. If skeptical, insist on getting a call-back telephone number (and check it by calling) while also requiring that they call you to verify their identity.
10. If they are outside of the USA and insist on using Money Orders, E-Checks, (Western Union) Bid Pay or Cashiers Checks, you probably are being scammed!
It is apparent from the
statistics that phishing/scamming attacks are not going away any time
soon. However, as the old adage goes, "The best defense is a good
offense."
DPL-Surveillance-Equipment.com
is a world leader in providing anti-terrorist surveillance and security
equipment to Government, Law Enforcement, Private Investigators, small
and large companies worldwide. We also have one of the largest
varieties of state-of-the-art surveillance and counter-surveillance
equipment including Biometric Identification Systems, Personal
Protection (recommended for our female customers) and Bug Detection
Products.
