How to Protect Yourself from Identity Theft
According to the Wikipedia, Phishing (pronounced FISH.ing) is a form of social engineering, characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords.
COMPUTERWORLD’s DEFINITION: “Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.”
WARNING: None of the emails below are legitimate emails from the companies they seem to represent. All of them are bogus and attempt to solicit account information from customers of the target companies. No legitimate emails from these companies would ask you to verify your account information in this manner. Note that most of the links in these emails do not go to the real companies websites, but rather to some other website where a fake input form is used to collect the customers account information.
Whenever you are inboubt about an email that appears to come from a company with whom you have an account, do one of the following:
The following example was received 12/14/05 and targets USAA customers. Note that the link provided in the email does not go to a USAA website. However, even if it did seem to point to a USAA website, the link could be descised through several methods using HTML email to actually be pointing to somewhere else so don’t ever assume that the links are really pointing to the legitimate company website even if they seem to be doing so. USAA will NEVER send their customers an email similar to the one below asking the customer to enter their account information for verification.
Dear USAA Member,
During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.
As a result, your access to online banking on USAA has been restricted. To start using fully your online account, please update and verify your information by clicking the link below :
Thank you for your prompt attention to this matter.
The following email arrived 12/15/05 to an email address that is used only by Ezine Publishers requesting a copy of an article from an autoresponder. Thus the email address was obviously harvested from the Internet without any knowledge of its real use. Things that immediately identify this email as a Phishing email include:
Again, the email below is NOT an email from the official Navy Federal Credit Union website, but rather a Phishing attempt targeting Navy Federal Credit Union customers. The Navy Federal Credit Union would NEVER send out such an email to its customers.
After completing this process, you will be informed that your account has been updated and you will be redirected to the actual Online Access Agreement, for you to review.
I received the following Phishing email on 7/29/06. This is NOT a legitimate email from PayPal®.
If you place your cursor over the link “Click here to update our PayPal account information” you will see that the actual link does not go to a PayPal address, but simply to an IP numbered address “http://22.214.171.124/”
|Dear PayPal® member,
It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website.
If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with our online service.
However, failure to update your records will result in account suspension.
Please update your records. Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal.
Click here to update your PayPal account information
Copyright © 1999-2006 PayPal. All rights reserved.
Information about FDIC pass-through insurance
I received the following phishing email three times on August 8, 06 under three different subject lines. The emails were sent out as untargeted blanket spam hoping to find and entrap some clients of Fifth Third Bank. I do not have an account with Fifth Third Bank, as a matter of fact, I’ve never heard of them!
While the above looks to be text, it is really an image. In the first email, the image was named basso.gif and in the second it was named chieftain.gif and in the third it was named coverall.gif. If you clicked anywhere on the image, it took you to the following link: <http://www.53.com.wps.portal.secure.aliktauh.net/context.id> which is a fake page hoping you to enter your account information. If had an account with Fifth Third Bank, and entered your account information into the form on the fake website you would have found the money in your account missing in short order. NEVER respond to such emails! THEY ARE ALL FAKE!
Welcome to the identity-theft-defence.com! This is a blog where you can find a lof information about how to identity theft!