Information is valuable.
Personal information such as bank account numbers, usernames and passwords, and Social Security numbers are especially valuable to those who would exploit them.
There are many tactics and tricks used to gain access to personal information, one of which is phishing.
Phishing scams are e-mails that look like they come from a bank, school administration, charity, police, the FBI, the support staff of social networking sites like Myspace or Facebook but are fake. These fake e-mails are used to lure people into visiting fake websites where their personal information is stolen.
Phishing scams use attention-grabbing subjects to lure their victims in. For example, some recent phishing attempts on UVU subjects were “four-day workweek survey” and “verify e-mail username and password to avoid account shut down.”
Other phishing schemes out there, according to the FBI cyber crime investigation website, are the hit man e-mail and FBI vs. Facebook.
The hit man e-mail is sent out claiming that the sender was hired to either kill or kidnap the recipient or a loved one if a ransom is not paid by a certain time. For the ransom to be paid, bank account information was to be sent to the sender.
FBI vs. Facebook is an e-mail sent out containing a link to a fake news article about Facebook and the FBI. When the site is visited, the Storm Worm virus is downloaded onto the user’s computer and is used to steal information and pass on the virus to other computers.
There are ways to avoid phishing scams. The Anti-Phishing Work Group, a global pan-industrial and law enforcement association, gives these suggestions:
Be suspicious of any email with urgent requests for personal financial information.
Do not use links in an email, instant message or chat to get to any Web page if the message is suspected to be inauthentic or if it comes from an unknown sender or screen name.
Avoid filling out forms in email messages that ask for personal financial information.
Always ensure that the website is secure when submitting credit card or other sensitive information via Internet.
If in doubt, contact the organization by phone to check on the request. Do not use any number provided by the suspicious e-mail.
Regularly check bank, credit and debit card statements to ensure that all transactions are legitimate.
Ensure that all browser software is up to date and security patches are applied.
For more information, visit the Anti-Phishing Work Group at http://www.antiphishing.org/index.html or FBI Cyber Investigations at http://www.fbi.gov/cyberinvest/cyberhome.htm.