A phishing scam is the process of attempting to get sensitive information such as credit card details, usernames, passwords and social security numbers by pretending to be a trustworthy organisation.
Phishing e-mail messages can take a number of forms. They might appear to come from your online bank or financial institution, auction sites such as eBay, online payment processors such as PayPal, a company you regularly do business with, or from your social networking site such as YouTube, Facebook or MySpace.
Phishing scams are usually carried out by email or instant messaging, and direct you to a fake website where you enter personal details. The fake website will look similar or identical to the legitimate website.
In order to trick you into revealing your personal details, the message might include phrases like "confirm billing information" or "verify your account" or "update your credit card information" or "If you don't respond within 48 hours your account will be closed".
These are examples of messages you may receive:
"We suspect an unauthorized transaction on your account. To ensure that your
account is not compromised, please click the link below and confirm your
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
The messages convey a sense of urgency so that you will respond immediately without thinking. The message might even claim that your quick response is required because your account has been compromised.
The messages direct you to a website that looks just like a legitimate organization's site, however it's a fake site whose sole purpose is to trick you into giving your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft. Experiments show a success rate of over 70% for phishing attacks on social networks.
Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.
A phishing scam that is very targeted is called spear phishing. Some recent phishing attacks have been directed specifically at senior executives within businesses, and the term whaling has been coined for these kinds of attacks.
This type of identity theft may result in denial of access to email, loss of credit, lost access to accounts, or severe financial loss.
If phishers can gain access to username and passwords, they can lock you out of your accounts, and drain accounts of any money and also run up debt.
If phishers can obtain your name, date of birth and an address [some of which can be obtained from public records] they can open bank accounts, business accounts and credit cards with which to commit fraud.
In 2007 phishing attacks in the United States involved 3.6 million adults who lost US $ 3.2 billion in the 12 months ending in August 2007.
* Phishers are now able to forge both the https:// that you normally
see when you are on a secure Web server and
also a legitimate looking address. Make sure you enter the address of any banking, shopping, or financial
transaction website yourself and don't use displayed links
* Phishers can also forge the yellow lock you would normally see near
the bottom of your screen on a secure
site. The lock used to be an indicator of a 'safe' site. When the lock is double-clicked, it displays the security
certificate for the site. If you get any warnings that the address of the site you have displayed does not match
the certificate, don't proceed
Identity Theft Help Sites:
If you have given out your personal identification information in a phishing scam:
Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
Major Credit Bureaus
Notify your bank(s) and ask them to flag your account and contact you regarding any unusual activity.
Contact your local police department to file a criminal report.
Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information.
Notify the Department of Motor Vehicles of your identity theft.
Notify the passport office to watch out for anyone ordering a passport in your name. File a complaint with the Federal Trade Commission.
File a complaint with the Internet Fraud Complaint Center.
Document the names and phone numbers of everyone you speak to regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.
Report the theft of this information to the card issuer as quickly as possible
Cancel your account and open a new one
Review your billing statements carefully after the loss
Credit Card Loss or Fraudulent Charges
ATM or Debit Card Loss or Fraudulent Transfers
You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.