The FBI, Federal Trade Commission (FTC) and Earthlink have jointly issued a warning on how the growing ranks of Internet crooks are using new tricks called "phishing" and "spoofing" to steal your identity.
In an FBI press release, Assistant Director of the agency's Cyber Division, Jana Monroe says, "Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet.
The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony "Customer Service" type of web site. Assistant Director Monroe said that the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.
"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case. Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.
In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.
"IP Spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.
"Link alteration" involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail requesting him/her to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet Service Provider, or a commercial site like EBay or PayPal, there is an increasing chance that the individual will follow through in submitting their personal and/or credit information.
FBI Offers Tips on How to Protect Yourself
•If you encounter an unsolicited e-mail that asks you, either directly, or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.
•If you need to update your information online, use the normal process you've used before, or open a new browser window and type in the website address of the legitimate company's account maintenance page.
•If a website address is unfamiliar, it's probably not real. Only use the address that you have used before, or start at your normal homepage.
•Always report fraudulent or suspicious e-mail to your ISP.
•Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.
•Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long strong of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.
•If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is legitimate.
•If you've been victimized, you should contact your local police or sheriff's department, and file a complaint with the FBI's Internet Fraud Complaint Center at http://www.IFCCFBI.gov.
Additionally,
The Jury Duty Scam...
The FBI and U.S. Courts are warning consumers to be alert for an increasingly common -- and effective -- telephone-based identity theft threat known as "the jury duty scam."
In the jury duty scam, the scammer, posing as a local court worker, tells you that a warrant has been issued for your arrest because you failed to report for jury duty. Since you probably had not received a jury duty notice, you will say so. At this point, the scammer will ask for your date of birth and Social Security number so that he or she can "verify" your jury duty notice. Of course, a Social Security number and date of birth are all the identity thief needs to make your life downright miserable. But wait, there's more. Depending on your willingness to give up your basic information, the emboldened scammer may go on to ask you for credit your card information.
The jury duty scam works on the victims' emotions. The shock of being told they are about to be arrested will place most people off guard and less vigilant about protecting their personal information.
Real U.S. court officials want you to know that the courts never ask for any personal information over the telephone. In reality, courts typically follow up with prospective and no-show jurors by conventional mail, rarely, if ever, by telephone.
The jury duty scam has been reported sporadically since fall of 2005 in Michigan, Ohio, Texas, Arizona, Illinois, Pennsylvania, Minnesota, Oregon and Washington state. The scam has most recently been reported in California. Warnings about the jury duty scam have been posted on both the FBI and U.S. Courts Websites.
Protecting yourself against telephone-based identity theft is really simple. Unless you have initiated the call, and intend to do so, never give out your personal information over the telephone.
Banking Information Verification Scam...
Emails falsely claiming to be from the likes of Citibank, NatWest, and other reputable banking entities attempt to entice recipients into divulging their ATM/Debit card and PIN numbers. Those who click on the link will be directed to an authentic banking site, but a small window asking for pertinent account info will also be displayed. This small window is not from the banking site. Instead, it captures the sensitive data and sends it to the miscreants behind the malicious email.
Following is a sample of one such email:
Dear Citibank Member,
This email was sent by the Citibank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM. This is done for your protection -I- because some of our members no longer have access to their email addresses and we must verify it.
To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL)p, copy and paste the link into the address bar of your web browser.
Unsuspecting users who click the link and enter the information requested into the small popup window will risk having their bank accounts compromised.
This banking scam is widespread throughout the world, affecting a large number of banks and their customers.
To protect yourself from such scams, remember the following:
•A legitimate financial institution will never ask for your account information via an email
•Do not follow links provided in an email requesting any form of financial information
•Call your local bank and ask for verification before responding to any form of electronic correspondence alleging to be from your bank
E-Bay & Pay Pal Scams...
Reputable firms such as eBay and PayPal have been besieged by email scammers attempting to pilfer valuable credit card details from unsuspecting customers. These emails often are quite well-done and look very authentic. However, a seasoned eye can quickly ferret out the truth. Those less savvy may want to follow a simple bit of advice: never follow a link in email unless you absolutely trust the sender. If you'd like to move from unsavvy to seasoned, here's how to ferret out malformed link scams.
Understanding HTML links
HTML is the programming language that tells a browser how to render a web page. You can use HTML in email and many people do. However, doing so makes it very easy for links in email to appear to point to one site, when in fact they point to another.
Links in HTML are created by a special tag. There are two components to the tag, the real link (i.e. the target) and the displayed text for that link.
Michael Hathman
VP - Smart Solutions Financial Services, LLC
12141 Natural Bridge Road
Bridgeton, MO 63044
(888) 955-3340 - Toll-Free
(636) 533-4070 - Office
Info@SmartSolutionsFS.com
www.SmartSolutionsCreditRepair.com
No comments:
Post a Comment