Is The Phishing Threat Getting Worse?
Friday, January 15th, 2010Phishing is a form of identity theft. It involves the fraudsters sending large numbers of spam emails out to unsuspecting Internet surfers. The email appears to be from a reputable source such as a high street bank. The logos being used and often the email address look genuine and many recipients consider the emails to be from who the say they are.
However, the emails use copies of the banks’ corporate letterhead. The email addresses are cloaked using sophisticated software or are so close to the real addrees that they are often accepted. For example the fradulent email could be something like: hbsc.com – at first glance you would think it came from HSBC! Please note that the example used is actually a legitimate site, simply used to show how easy a transcribed letter can fool the recipient – I am unable to disclose any real examples for obvious security reasons.
Once the unwary recipient clicks on the link on the email he or she is directed to a web site that looks to all intents and purposes like a legitimate bank web site. Invariably a request will be made to log in with security details. If you should do this you will find that your bank account is emptied right up to the overdraft limit very quickly!
I receive phishing emails from crooks that pretend to be banks that I do not even bank with – they are simply emailing as many contacts as they can in the hope that some will no doubt bank with the current bogus named bank and hopefully comply with the requests.
- It is importnat to note that no bank will ever ask by email for you to confirm your security details.
Although a number of years ago now, I was victim of a phishing email. This shows how easy it is if even a fraud investigator can be tricked into believing that an email is genuine! I was selling some bits and pieces on eBay at the time and having quite a lot of fun buying and selling items. One day I received an email telling me that I was now eligible to get “power seller status”. This was very believeable, I knew all about this acolade which gave you more credibility when selling items and I had been quite busy lately. I clicked on the link and was immediately asked to confirm my user name and password. At this stage I was not suspicious as eBay is continually asking for you to do this when you surf around their web site.
However, once I had entered these details I was taken to a web page, that still looked like an official eBay page, that asked me to enter all my personal details that eBay allready had, including my bank or credit card details! At this point I immediately logged out.
I did not think any more about this as I thought I had escaped in the nick of time! However, a few days later I received another email from eBay, telling me that they were investigating a fraud associated with my account. I went to my account and noted that there was a Harley Davidson for sale at around $3,500! Shortly afterwards my account was taken down and I could not access it again. After a further few days I received another email from eBay telling me that they had resolved the fraud, that my account had been hijacked and that I must now sign in and create a new password.
Hats off to eBay, they sorted the problem and returned some listing fees of around $40 that had hit my account for the fake sale of a motor bike. The fraudster had phished my identity to use my 100% good seller reputation to try to sell some $3500 of fresh air to an unsuspecting buyer.
I am pretty hot on phishing emails now!