How Criminals are Phishing to Commit Identity Theft and Fraud

Phishing is a technique that criminals use to commit identity theft and fraud. CreditGUARD of America, a non-profit credit counseling agency, explains how to spot phishing and protect yourself from identity theft.

June 1, 2004 -- Identity theft is something most people think will never happen to them. However, this type of crime is steadily growing and is wreaking havoc on credit and banking industries. In the last five years, the Federal Trade Commission (FTC) estimates more than 27 million American adults have been victimized by identity theft criminals.*

During January to December 2003, Internet related fraud accounted for 55% of all identity theft complaints.**

What is Phishing?

Phishing is a general term for criminals that use online technology (emails and websites) to mask themselves as legitimate businesses, financial institutions, and/or government agencies, giving consumers enough comfort level to disclose bank accounts, credit card information, or other personal data (social security numbers, usernames and passwords). These criminals, known as phishers, then steal your identity to make unauthorized purchases, open new credit accounts, and/or spread computer viruses. Incidents of this type of identity theft are getting worse. During the first quarter of 2004, law enforcement authorities, businesses and consumers saw a significant increase in the use of phishing.

How Do Phishers Trick Consumers into Giving Their Personal Data?

Phisher will create a phishing email that on the surface will appear to come from a legitimate business, financial institution, or government agency. Then the identity thief will spam (mass email) thousands of consumers email addresses. What these criminals count on is that some of these targeted consumers have existing relationships with the legitimate entity.

What do these phishing emails look like? These criminals are very clever, oftentimes cutting and pasting the logos, content and company information from the legitimate entity into the email. The phisher will insert false statements to create a sense of urgency with a corresponding link so the consumer can go and fix the problem. Here are some of the false statements identity thieves are using:***

* Our company has decided to test for free the security of the email services that you useHoping you have understood that we are doing all these for your own safetywe suggest you access the following form.
* we have detected a slight error in your informationupdate and verify your information by clicking the link belowif your account information is not updated within 48 hours then your ability to use your [company] account will be restricted.
* During our regular update and verification of the [type of account], we could not verify your current informationas a result your access to use our services has been limitedTo update your account information and start using our services please click on the link below

If the consumer clicks on the link in the phishing email, it will take them to a dummy website where consumers are encouraged to fill out a form, putting bank accounts, credit card information, or other personal data into the hands of the identity thief. This fake website can look exactly like the legitimate business, financial institution, or government agency theyre mimicking. The phisher will put logos, content and company information from the legitimate entity into the dummy website.

The clever identity thieves use technology to expose browser vulnerabilities and mask the URL (Uniform Resource Locator) to resemble the domain of the legitimate company.

How to Protect Yourself From Identity Theft

There are many ways consumers can protect themselves from phishing and other types of identity theft. The Department of Justice recommends that consumers use three basic rules when dealing with questionable emails and websites: Stop, Look and Call.****

* Stop Phishers include false statements to deliberately upset or excite you. The identity theft is counting on the fact that you will react to the email on impulse, click on the link and give them your personal data. Resist your impulse to click and take the time to examine the email more closely.
* Look Examine the email and take a moment to consider if the contents make sense. Be suspicious of any email encouraging you to give out your bank accounts, credit card information, or other personal data.
* Call If you think the email may be legitimate, take the time to look up the companys phone number and call to verify the emails contents. Do not call the phone number in the email because it may be false. Instead, call the toll-free customer service number on the back of the card or your account statement.

Additionally, you should sign up for a credit monitoring service to notify you when someone accesses your credit report and/or tries to open new lines of credit. CreditGUARD of America has created the Coach Credit Scout (http://www.creditguardcoach.com) to monitor your credit report 24 hours a day, 365 days of the year. When signing up for the CreditGUARD Coach (which provides you valuable credit analysis and step-by-step instructions on how to improve your credit), you receive a 30-day free trial of Coach Credit Scout.

If you suspect that you have fallen for a phishing scheme, you should immediately file an online complaint with the Internet Crime Complaint Center (http://www.ic3.gov). For further instructions on what to do if your identity has been stolen, visit the FTC National Center for ID Theft (http://www.consumer.gov/idtheft/).

CreditGUARD of America is a non-profit credit counseling agency that assists consumers through debt counseling and financial education. Please visit our web site at www.creditguard.org or call 1-800-867-0406 for a free consultation with a certified credit counselor.

* Federal Trade Commission Identity Theft Survey Report. Incidence of Identity Theft. Sept. 2003. Synovate (http://www.ftc.gov/os/2003/09/synovatereport.pdf)

** National and State Trends in Fraud & Identity Theft: January December 2003. Executive Summary. 22 Jan. 2004. Federal Trade Commission (http://www.consumer.gov/sentinel/pubs/Top10Fraud2003.pdf)

*** Phishing Archive. Last Update 25 May 2004. Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.htm)

**** Special Report on Phishing. What Should Internet Users Do About Phishing Schemes? Department of Justice: Criminal Division (http://www.usdoj.gov/criminal/fraud/Phishing.pdf)

# # #

This article courtesy of  http://www.identitythefthq.com.
You may freely reprint this article on your website or in
your newsletter provided this courtesy notice and the author
name and URL remain intact.
 

 

Advertise here!

Sign up for our identity theft   newsletter here!

Enter Email Address Here:

 

http://www.identitythefthq.com is an information web site focused on Identity Theft. http://www.identitythefthq.com does not represent or endorse the accuracy or reliability of any of the information, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website. Any complaints should be directed to the individual businesses. Mention of and links to third party companies and products are for informational purposes only and constitute neither an endorsement nor a recommendation and are not intended to suggest any affiliation unless expressly stated. http://www.identitythefthq.com reserves the right in its sole discretion and without any obligation to make improvements to or correct any error or omissions in any portion of the Service.