Information Security Tips & Hints
 


What is Phishing?

Phishing – pronounced “fishing” – is the latest form of identity theft. It’s when thieves act as if they are representing an organization and try to “hook” the consumer into providing personal information. Once the consumer is “hooked”, the thieves can do lasting damage to a consumer’s financial accounts. They can dupe consumers into providing their Social Security numbers, financial account numbers, PINs, mothers’ maiden names and other personal information.

The thieves often pose as a:
  • Financial institution
  • Credit card company
  • Online merchant
  • Utility or other payee
  • Internet service provider
  • Government agency
  • Prospective employer
Estimated to cost consumers $1.2 billion last year, according to research firm Gartner, Inc., phishing is perpetrated by both phone and e-mail, although e-mail is more prevalent.

Here’s how it works: Consumers receive an e-mail from an organization with which they do business. The e-mail typically includes bogus appeals such as problems with an account or billing errors, and asks the consumer to confirm his/her personal information. Different approaches include things such as “We’re updating our records,” “We’ve identified fraudulent activity on your account,” or “Valuable account and personal information was lost due to a computer glitch.” To encourage people to act immediately, the e-mail usually threatens that the account could be closed or canceled.

Most e-mails ask recipients to follow an embedded link that takes them to an exact replica of the victim company’s Web site. Graphics on the counterfeit site are so convincing that even experts often can have a hard time distinguishing the fake site from the real one.

Despite the convincing appeals, consumers should not respond to unsolicited e-mails that direct them to divulge personal identifying information. Reputable organizations that consumers legitimately do business with generally do not request account numbers or passwords unless the consumer initiated the transaction.

Unfortunately, by hijacking the trusted brands of well-known and reputable organizations nationwide, phishers are able to convince up to 5% of recipients to respond to them, according to the Anti-Phishing Working Group. Gartner, Inc. recently reported that more than 57 million Americans think they have received a phishing e-mail, and the FBI has called phishing the “hottest, most troubling new scam on the Internet.”

Use these common sense tips to help protect yourself against phishing and other forms of identity theft.
  • Be suspicious if someone contacts you unexpectedly and asks for your personal information. Most legitimate companies do not operate that way.
  • Do not click on links in e-mails that ask you to provide personal information. To check whether an e-mail or call is really from the company, call the company directly or go to its Web site (use a search engine to find it).
  • Do not provide personal information (such as Social Security number, account numbers, PINs, passwords, and so on) via phone, e-mail or otherwise unless you initiated the contact with the trusted partner.
  • If someone contacts you via phone or e-mail and says you’ve been a victim of fraud, verify the person’s identity, and contact the organization directly before you provide any personal information.
  • If you manage any of your bank accounts online, choose passwords that are difficult for others to guess and use a different password for each of your online relationships. Change the password frequently.
  • Make sure the Web sites on which you transact business post privacy and security statements. Be sure to review them carefully.
  • Do not send sensitive personal or financial information unless it is encrypted on a secure Web site. Regular e-mails are not encrypted. Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in secure mode before you enter sensitive information.
  • Check your monthly statements to verify transactions.
  • Check your credit report twice a year and examine it thoroughly. This will reveal accounts that have been opened without your knowledge.
  • Add a statement to your credit file that prohibits the granting of credit without calling you to confirm the application.
  • Record the names, account numbers and customer service numbers of all cards you carry. This way you will have the necessary information you need if you have to cancel your cards immediately.
  • Make it difficult for thieves to get “identifying information” from your mail or mailbox. Take envelopes containing checks and other sensitive information directly to the post office instead of leaving them in your mailbox.
  • Shred or secure in a lockbox all documents with important identifying information on them, such as bank statements, credit card statements, pre-approved credit card offers and pay stubs.
  • Carry only the credit card you would use in an emergency. Do not carry your Social Security card.
  • Update your personal computer with security patches and install anti-virus software.

Where You Can Go For Help

If you suspect that you’ve given information to a phisher, it’s important to act immediately.

If you inadvertently provided account numbers, passwords or PINs to a phisher, there are things you can do to protect your financial accounts. For information on how you can put a “fraud alert” on your files at the credit reporting bureaus, and for other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse by visiting www.consumer.gov/idtheft, or call 877-438-4338.

Even if you didn’t get hooked, you should report any phishing attempts by contacting the National Fraud Information Center/Internet Fraud Watch. Visit www.fraud.org or call 800-876-7060. You should also alert the company the phisher was impersonating, and their local law enforcement agency.

Other Resources

Use these resources to learn more about Phishing and Identity Theft:

Phishing

Home of the Anti-Phishing Working Group
www.antiphishing.org
How Not to Get Hooked by a ‘Phishing’ Scam
www.ftc.gov/bcp/menus/consumer/data/idt.shtm
Better Business Bureau Phishing Phacts
www.bbb.org/phishing/

Identity Theft

Department of Justice’s Web Resources on Identity Theft and Identity Fraud
www.usdoj.gov/criminal/fraud/idtheft.html
Identity Theft Resources from the Privacy Rights Clearinghouse
www.privacyrights.org/identity.htm
Identity Theft Resource Center, a nonprofit organization
www.idtheftcenter.org/

Victims' Resources

Identity Theft Prevention & Survival
www.idtheftcenter.org/
Department of Justice’s Web Resources on Identity Theft and Identity Fraud
www.usdoj.gov/criminal/fraud/idtheft.html
Identity Theft Resource Center
www.idtheftcenter.org/
Federal Trade Commission's ID Theft Clearinghouse
www.consumer.gov/idtheft

Information Provided by STAR Networks, Inc. – 2004



Ten Simple Things You Can Do to Fight Fraud and Identity Theft

1. Protect your Social Security number, credit card and debit card numbers, PINs (personal identification numbers), passwords and other personal information. A thief can use these details to order checks or credit cards, apply for loans or otherwise commit fraud using your name.

Among the preventive measures you can take: Don't provide financial and other personal information in response to an unsolicited phone call, fax, letter or e-mail—it could be from a fraud artist masquerading as a legitimate business person or government official. Be particularly cautious with your Social Security number (SSN). Keep bank and credit card statements, tax returns, checks and other sensitive documents in a safe place at home. Shred these documents before discarding them.

Also, choose PINs and passwords for your bank and Internet accounts that will be tough for someone else to figure out. Do not use your birth date or home address, for example.

2. Deal only with legitimate, reputable businesses. Try to do business with companies you already know or that have been recommended. Do your research before giving money or personal information to an unfamiliar merchant (or charity or any other organization).

3. Get key details in writing and thoroughly check them out before agreeing to anything. Do not rely on a sales person's oral representations for a significant purchase or investment. Get as much written information as possible, including a contract, specifying cost information and your consumer rights.

4. Beware of "deals" requiring money up-front. "Congratulations, you've won a free vacation!" "Get rich quick—at no risk!" "We'll fix your credit problems—fast." Do these sound familiar? They're likely to be schemes to trick you into sending money or providing bank account information in exchange for promises of goods or services that will never be delivered. Be skeptical of any offer that's "free" or otherwise hard to believe and that, as a precondition, requires you to pay money (perhaps for a supposed "fee" or "tax").

5. Be extra careful when providing personal information over the telephone or Internet. Scam artists hide at the other end of the phone line or computer screen. So, don't give bank account information, Social Security numbers or personal data in response to an unsolicited phone call or e-mail. Remember that a legitimate company would never ask for passwords or other personal information by e-mail.

6. Safeguard your incoming and outgoing mail. It could include checks, credit card applications, bank statements and other items of value to a thief. Try to send and receive mail using locked mailboxes or otherwise secure locations. Remove incoming mail from your mailbox as soon as possible.

7. Stop bandits from recycling your trash into cash. Thieves known as "dumpster divers" pick through garbage looking for credit card applications, monthly bank statements, receipts, "loan checks" (mailed by financial institutions with offers to "write yourself a loan") and other documents they can use to commit fraud. Before tossing out these items, destroy them, preferably using a "crosscut" shredder that turns paper into confetti.

8. Limit the confidential information in your wallet in case it is lost or stolen. Do not carry around more checks, credit cards or other bank items than you need. Never keep passwords or PINs on or near your checkbook, credit card, ATM card or debit card.

9. Review your credit card bills and bank statements as soon as they arrive. If you notice something suspicious, perhaps a credit card purchase you did not make or an unauthorized withdrawal from your checking account, contact your financial institution immediately.

10. Monitor your credit report for warning signs of fraud. Most experts say you should check your credit report at least once a year from each of the three major credit bureaus: Equifax (800-685-1111, http://www.equifax.com/); Experian (888-397-3742, http://www.experian.com/) and TransUnion (800-888-4213, http://www.transunion.com/).

Excerpt from FDIC Consumer News Special Report on Fraud.



Your ID's Been Stolen. Now What?

Step 1: Protect your finances
Contact the fraud departments of each of the three major credit bureaus. Get a copy of your credit report, which is free to ID theft victims. Ask that your file be flagged with a "fraud alert tag" and a "victim's statement." That will limit the thief’s ability to open new credit accounts, as new creditors will generally call you before granting credit. Insist, in writing, that the fraud alert remain in place for seven years, the maximum, according to PrivacyRights.org.

Credit bureaus:
Step 2: File a police report
You will need a police report to dispute unauthorized charges and for any insurance claims. Be persistent; your local police department may suggest that this isn’t necessary, because they don’t want the paperwork hassle. Also, fill out an online ID Theft complaint with the Federal Trade Commission or call 1-877-ID-THEFT. That enters your case in the FTC’s “Consumer Sentinel” database, a nationwide list of ID theft cases which can be used by law enforcement officers to find patterns and catch criminals.

Step 3: Close all compromised accounts
The list may be wider than you realize. This includes accounts with banks, credit card companies and other lenders, and phone companies, utilities, ISPs, and other service providers. Dispute all unauthorized charges – The FTC offers a sample dispute letter on its Web site. Disputes may require a sworn statement and a police report. The FTC also offers a form affidavit which can be used for the sworn statement at www.ftc.gov/bcp/conline/pubs/credit/affidavit.pdf.

More Help
Excerpt from MSNBC News.




Credit Card Scam

A credit card scam has grown in frequency. Please note that the callers do not ask for your card number because they already have it. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself. The scam works like this:
The person calling says, "This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge Number is 12460. Your card has been flagged for an unusual purchase pattern, and I am calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

The caller continues - "I will be starting a fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number." The caller then gives you a 6 digit number. "Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card.

The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?"

The caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the card number. What the scammers want is the 3-digit PIN number on the back of the card. They will then have all data needed to charge a purchase to your card.

You can call VISA or MasterCard directly for verification of their conversation. The real VISA will never ask for anything on the card as they already know the information since they issued the card. If you give the scammers your 3 Digit PIN number, you think you're receiving a credit. However, by the time you receive your statement you'll see charges for purchases you didn't make.

Please pass this information on to family and friends. By informing each other, we protect each other.

Paul E. Brodeur Sr. Investigator
Department of Justice
33 Capitol Street
Concord, NH 03301
(603) 271-1253
fax: (603) 223-6245



Giving the Bounce to Counterfeit Check Scams

It's your lucky day! You just won a foreign lottery! The letter says so. And the cashier's check to cover the taxes and fees is included. All you have to do to get your winnings is deposit the check and wire the money to the sender to pay the taxes and fees. You're guaranteed that when you get your payment, you'll get your prize.
 
There's just one catch: This is a scam.
 
The check is no good, even though it appears to be a legitimate cashier's check. The lottery angle is a trick to get you to wire money to someone you don't know. If you were to deposit the check and wire the money, your bank would soon learn that the check was a fake. And you're out the money because the money you wired can't be retrieved, and you're responsible for the checks you deposit - even though you don't know they're fake.
 
This is just one example of a counterfeit check scam that could leave you scratching your head. The Federal Trade Commission, the nation's consumer protection agency, wants you to know that counterfeit check scams are on the rise. Some fake checks look so real that bank tellers are reporting being fooled. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the bank and account and routing numbers listed on the counterfeit check may be real, the check can still be a fake.

These fakes come in many forms, from cashier's checks and money orders to corporate and personal checks. Could you be a victim? Not if you know how to recognize and report them.
 



Fake Checks: Variations on a Scheme
 


Counterfeit or fake checks are being used in a growing number of fraudulent schemes, including foreign lottery scams (as described above), check overpayment scams, Internet auction scams, and secret shopper scams.
 
Check overpayment scams target consumers selling cars or other valuable items through classified ads or online auction sites. Unsuspecting sellers get stuck when scammers pass off bogus cashier's checks, corporate checks, or personal checks. Here's how it happens:
 
A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer's check bounces, the seller is left liable for the entire amount.
 
In secret shopper scams, the consumer, hired to be a secret shopper, is asked to evaluate the effectiveness of a money transfer service. The consumer is given a check, told to deposit it in their bank account, and withdraw the amount in cash. Then, the consumer is told to take the cash to the money transfer service specified, and typically, send the transfer to a person in a Canadian city. Then, the consumer is supposed to evaluate their experience - but no one collects the evaluation. The secret shopper scenario is just a scam to get the consumer's money.

Con artists who use these schemes can easily avoid detection. When funds are sent through wire transfer services, the recipients can pick up the money at other locations within the same country; it is nearly impossible for the sender to identify or locate the recipient.
 
You and Your Bank - Who is Responsible for What?
 
Under federal law, banks must make funds available to you from U.S. Treasury checks, official bank checks (cashier's checks, certified checks, and teller's checks), and checks paid by government agencies at the opening of business the day after you deposit the check. For other checks, banks must similarly make the first $100 available the day after you deposit the check. Remaining funds must be made available on the second day after the deposit if payable by a local bank, and within five days if drawn on distant banks.
 
However, just because funds are available on a check you've deposited doesn't mean the check is good. It's best not to rely on money from any type of check (cashier's, business or personal check, or money order) unless you know and trust the person you're dealing with or, better yet - until the bank confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled. The bottom line is that until the bank confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.
 
Protecting Yourself
 
Here's how to avoid a counterfeit check scam:
 
  • Throw away any offer that asks you to pay for a prize or a gift. If it's free or a gift, you shouldn't have to pay for it. Free is free.
  • Resist the urge to enter foreign lotteries. It's illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
  • Know who you're dealing with, and never wire money to strangers.
  • If you're selling something, don't accept a check for more than the selling price, no matter how tempting the offer or how convincing the story. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don't send the merchandise. 
  • As a seller, you can suggest an alternative way for the buyer to pay, like an escrow service or online payment service. There may be a charge for an escrow service. If the buyer insists on using a particular escrow or online payment service you've never heard of, check it out. Visit its website, and read its terms of agreement and privacy policy. Call the customer service line. If there isn't one - or if you call and can't get answers about the service's reliability - don't use the service. To learn more about escrow services and online payment systems, visit ftc.gov/onlineshopping.
  • If you accept payment by check, ask