|
Have you been “phished” yet? Have you received an email or a pop-up that purportedly is from a bank, or E-Bay, or your ISP? Did it ask you to verify account information by having you click on a link to go to a website, or perhaps to fill out and email back an attached form. Yes? You have gotten one of those?
Congratulations. You’ve been “phished.”
This defination is courtesy of http://inews.webopedia.com/TERM/p/phishing.html
“PHISHING: (fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organizations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information.
By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Other forms: phish (v.)” The criminals practicing this sophisticated scam have become proficient at hiding the signs of fraud. Some of the early attempts linked to IP addresses instead of the purported legitimate URL (Uniform Resource Locator). You will need to look at the actual HTML code in the purported link to see that it actually goes to an IP address.
But. Don’t bother. The IP address you see probably belongs to an “innocent” user whose computer has been hijacked by the criminal, and is being used “in the background” without their knowledge. They are almost certainly a cable internet customer or a DSL customer. Sometimes it is even a computer on a school campus that has been compromised, although that is happening less frequently.
That is not the reason to not waste your time trying to determine if the email is “legitimate,” however. You can safely assume that any such email you receive is fraudulent. Every single one. No financial institution will ever use email or a pop-up window to ask you to go online to confirm your account information. Never. Nor will an ISP, mortgage company or online store.
The criminal sending these fraudulent emails sets up the fraud by downloading the website of a legitimate business. In this case, banks are the prime target, and Citi-Bank is the bank currently the target of the most frequent scam attempts. (Others targets include E-Bay, and virtually every major bank including Key Bank, US Bank and Bank of America.)
After downloading the website, the criminal sets up a mechanism to capture the account information that you submit to “confirm” your account information. Once you so helpfully “update your account information” they have full access to your account, and any funds or credit lines associated with the account.
While strictly speaking this is not identify theft, it certainly is fraudulent, costs you money and time and upset, and may lead to full blown ID theft.
For more information on the problem of “phishing,” visit the following websites:
Remember, never provide this kind of information online as a “confirmation” or if you ever have even the slightest inkling that something requested may not be right. If your bank wants you to confirm information they will mail you or call you. If they call you, hang up and call back to a known good number. (That’s another whole scam that continues to plague us. Never give out sensitive information over the phone unless you initiated the phone call!)
Remember, your safety and security ultimately is your responsibility and none other. | 
