Phishing Scam



How to Avoid Getting Fried by Phony Phishermen



 

“Phishing” involves the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information — such as account numbers for banking, securities, mortgage, or credit accounts, your social security numbers, and the login IDs and passwords you use when accessing online financial services providers. The fraudsters who collect this information then use it to steal your money or your identity or both.


When fraudsters go on “phishing” expeditions, they lure their targets into a false sense of security by hijacking the familiar, trusted logos of established, legitimate companies. A typical phishing scam starts with a fraudster sending out millions of emails that appear to come from a high-profile financial services provider or a respected Internet auction house.


The email will usually ask you to provide valuable information about yourself or to “verify” information that you previously provided when you established your online account. To maximize the chances that a recipient will respond, the fraudster might employ any or all of the following tactics:


Names of Real Companies — Rather than create from scratch a phony company, the fraudster might use a legitimate company’s name and incorporate the look and feel of its website (including the color scheme and graphics) into the phishy email.


“From” an Actual Employee — The “from” line or the text of the message (or both) might contain the names of real people who actually work for the company. That way, if you contacted the company to confirm whether “Jane Doe” truly is “VP of Client Services,” you’d get a positive response and feel assured.


URLs that “Look Right” — The email might include a convenient link to a seemingly legitimate website where you can enter the information the fraudster wants to steal. But in reality the website will be a quickly cobbled copy-cat — a “spoofed” website that looks for all the world like the real thing. In some cases, the link might lead to select pages of a legitimate website — such as the real company’s actual privacy policy or legal disclaimer.


Urgent Messages — Many fraudsters use fear to trigger a response, and phishers are no different. In common phishing scams, the emails warn that failure to respond will result in your no longer having access to your account. Other emails might claim that the company has detected suspicious activity in your account or that it is implementing new privacy software or identity theft solutions.



How to Protect Yourself from Phishing


The best way you can protect yourself from phony phishers is to understand what legitimate financial service providers and respectable online auction houses will and will not do. Most importantly, legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as email.


Follow these five simple steps to protect yourself from phishers:

Pick Up the Phone to Verify — Do not respond to any emails that request personal or financial information, especially ones that use pressure tactics or prey on fear. If you have reason to believe that a financial institution actually does need personal information from you, pick up the phone and call the company yourself — using the number in your rolodex, not the one the email provides!


Do Your Own Typing — Rather than merely clicking on the link provided in the email, type the URL into your web browser yourself (or use a bookmark you previously created). Even though a URL in an email may look like the real deal, fraudsters can mask the true destination.


Beef Up Your Security — Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must-have for those who engage in online financial transactions. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with “https” instead of just “http.”


Security Tip: Some phishers make spoofed websites which appear to have padlocks. To double-check, click on the padlock icon on the status bar to see the security certificate for the site. Following the “Issued to” in the pop-up window you should see the name matching the site you think you’re on. If the name differs, you are probably on a spoofed site.


Read Your Statements — Don’t toss aside your monthly account statements! Read them thoroughly as soon as they arrive to make sure that all transactions shown are ones that you actually made, and check to see whether all of the transactions that you thought you made appear as well. Be sure that the company has current contact information for you, including your mailing address and email address.


Spot the Sharks — Visit the website of the Anti-Phishing Working Group at www.antiphishing.org for a list of current phishing attacks and the latest news in the fight to prevent phishing. There you’ll find more information about phishing and links to helpful resources.
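The "Issued to" comparison from the Security Tip above, done in code. This is an added example, not part of the original article: the certificate dictionaries are constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the look-alike hostname under example.net is a placeholder.

```python
def cert_names(cert):
    """DNS names a certificate is issued to: subjectAltName entries, else the subject commonName."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def issued_to_matches(cert, intended_host):
    """True if the certificate is issued to the site the user meant to visit."""
    return any(name_matches(name, intended_host) for name in cert_names(cert))

# Constructed certificates (not captured from real sites).
LEGIT = {
    "subject": ((("commonName", "www.nononsense.com"),),),
    "subjectAltName": (("DNS", "www.nononsense.com"), ("DNS", "nononsense.com")),
}
SPOOF = {  # valid for its own look-alike name, not for the site the user thinks it is
    "subject": ((("commonName", "www.nononsense.com.example.net"),),),
    "subjectAltName": (("DNS", "www.nononsense.com.example.net"),),
}
WILDCARD = {
    "subject": ((("commonName", "*.nononsense.com"),),),
    "subjectAltName": (("DNS", "*.nononsense.com"),),
}

if __name__ == "__main__":
    for label, cert in (("legit", LEGIT), ("spoof", SPOOF), ("wildcard", WILDCARD)):
        print(label, issued_to_matches(cert, "www.nononsense.com"))
```

The comparison is always against the hostname you intended to reach, because a spoofed site can present a padlock and a certificate that is valid for its own name.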



What to Do if You Run into Trouble


Always act quickly when you come face to face with a potential fraud, especially if you’ve lost money or believe your identity has been stolen.


Phishy Emails — If a phishing scam rolls into your email box, be sure to tell the company right away. You can also report the scam to the FBI’s Internet Fraud Complaint Center at www.ic3.gov. If the email purports to come from a brokerage firm or mutual fund company, be sure to pass along that tip to the SEC’s Enforcement Division by forwarding the email to enforcement@sec.gov.


Identity Theft — If you think that your personal information has been stolen, visit the Federal Trade Commission’s Identity Theft Resource Center at www.consumer.gov/idtheft/index.html for information on how to file a complaint and control the damage.


Securities Scams — Before you do business with any investment-related firm or individual, do your own independent research to check out their background and confirm whether they are legitimate. For step-by-step tips and links to helpful websites, please read Check Out Brokers and Advisers and SIPC Exposes Phony “Look-Alike” Web Site. Report investment-related scams to the SEC using our online Complaint Center.



Security - Phishing, Pharming, and Fraud - Be Aware


Nononsense.com believes security issues are important online and offline.


Everyone needs to be aware of their surroundings whether they are shopping on the internet or at a mall. It would be nice to think that the world was a safe place all the time, but that'd be nonsense. These suggestions aren't a fail safe, but awareness is half the battle.

- Deterring Identity Theft
- Avoiding Fraud
- Phishing
- Online Viruses
- Stop Spoof Emails & Web sites
- Pharming



Deterring Identity Theft


Identity theft is a crime that affects consumers at home, at work, in the shopping mall or online. Consumers who exercise common sense, monitor their account status and protect their personal information are the best equipped to safeguard their identity.



Safety Tips


- Monitor your accounts
- Never reply to emails that ask for personal information
- Use strong and unique passwords
- Know what to do in the event of identity theft



Safety Tips


1. Monitor your accounts.
With a close eye on your account, you can spot suspicious activity and take steps to notify officials. The accounts that you hold with your bank, phone company, and ecommerce providers should be monitored regularly. You should also order a credit report every year to ensure that it is accurate.

2. Never reply to emails that ask for personal information.
Email is a risky way to send your personal information - especially financial or other sensitive information. You can help protect your identity by refusing to give personal information (such as Social Security Numbers and account passwords) via email and by never downloading email attachments that are sent from someone you do not know.

3. Use strong and unique passwords.
Good passwords have two things in common. First, they include a combination of letters and numbers. This helps prevent someone from guessing your password and prevents an intruding computer from randomly going through words in the dictionary until it finds the right match.

Second, a strong password will be unique to the account. Just as you wouldn't use the same key for your car, your office and your house, unique passwords are an important preventative step in the event someone gets hold of one of your passwords.

4. What You Should Do if you've become an Identity Theft Victim.



Restoring a person's accounts and credit report once he or she becomes a victim of identity theft can be an extremely frustrating and time-consuming experience. An identity theft victim should contact a number of organizations that have an impact on credit ratings and security. The Federal Trade Commission offers an Affidavit of Identity Theft that can be notarized and then sent to creditors and agencies.


- Credit bureaus
Early contact should be made with the three credit reporting bureaus:

- Equifax (www.equifax.com)
Report Fraud: 1-800-525-6285
Order a credit report: 1-800-685-1111, P.O. Box 740241, Atlanta, GA 30374-0241

- Experian (www.experian.com)
Report Fraud: 1-888-397-3742
Order a credit report: 1-888-397-3742, P.O. Box 1017, Allen, TX 75013-0949

- TransUnion (www.tuc.com)
Report Fraud: 1-800-680-7289
Order a Credit Report: 1-800-916-8800
Fraud Victim Assistance Department: P.O. Box 6790, Fullerton, CA 92834

- Bank and other accounts
Individuals who believe that one of their accounts has been stolen should verify the extent of damage and contact their financial institutions immediately.

- Consumer Credit Counseling Service
If fraudulent charges are discovered, the victim should call their local Consumer Credit Counseling Service at 800-388-2227 (or locate a regional bureau at www.nfcc.org) for assistance in clearing false claims from his or her credit report.

- Check guarantee companies
In cases where bank accounts have been opened fraudulently in a person's name, that individual should call a check guarantee company like Telecheck at 800-366-2425 or online at www.telecheck.com. These companies can flag the file so that the counterfeit checks will be refused.

- Other Important Agencies:

- The Department of Motor Vehicles
- The Social Security Administration: www.ssa.gov
- The FBI: www.fbi.gov
- The Federal Trade Commission: www.ftc.gov
- U.S. Postal Service (ID Theft involving mail): www.usps.com



Online Viruses


Safety online starts with keeping your computer secure by protecting it from viruses and other Internet threats. An ounce of prevention...



Safety Tips


- Keep your internet browser up-to-date
- Use virus protection software and keep it current
- Install a firewall


Viruses and What They Can Do


Viruses are pieces of code that install themselves onto your computer for malicious purposes. Viruses are designed to replicate themselves, spreading from computer to computer. Since the Internet is made up of millions of computers connected to each other, viruses thrive in the online world.


Some viruses are nothing more than an annoyance - others are more severe, slowing down your computer, deleting and stealing potentially sensitive information, or crashing your computer altogether.


Most viruses require some sort of human intervention - sharing and downloading infected files, opening attachments in emails, etc. The good news is that by taking a few preventive steps, you can help keep your computer safe and secure.



Safety Tips


1. Keep your Internet browser and computer up-to-date.
Internet browsers such as Internet Explorer or Netscape are constantly updated with patches that make them even more resistant to the latest external threats. By visiting the Web site of your browser's manufacturer, you can make sure that your browser is as secure as possible with the latest updates. Making sure you have all current patches for your operating system is also important. These patches can be found at the manufacturer's Web site.

2. Use virus protection software and keep it current.
Effective virus protection software will guard your computer, automatically detecting and scanning downloads for known viruses. Some popular virus protection software makers include: Norton Antivirus, McAfee Security, Symantec, Computer Associates, F-Secure and Trend Micro.

Since virus creators are always inventing new, more threatening viruses, simply having the virus protection software is only half the battle - you should take steps to keep it and its virus definitions current by visiting the Web site of the maker of your virus protection software.

3. Install a firewall
Some online hackers spend their time looking for vulnerable computers - those that have left their front door wide open. By flagging and ignoring information that seems to be from a suspicious location, a firewall disables the ports that allow criminals to access your machine, rendering your computer invisible to hackers who are in search of vulnerabilities.



Avoiding Fraud


Just as consumers should take obvious measures to protect themselves in conventional stores - not leaving a purse in an unguarded shopping cart, protecting their PIN (personal identification number) at checkout, not carrying large amounts of cash in their wallets - online shoppers should consider sensible precautions as well.

Online fraud can take many forms. In most cases, following a few simple practices can deter it:



Safety Tips


- Learn as much as possible about the website
- Understand the e-tailers' refund policies
- Use a secure checkout and payment process
- If an offer sounds too good to be true, it probably is

1. Learn as much as possible about the website.
Shoppers who are familiar with the merchants from whom they're buying feel the most secure. The Internet offers a platform for retailers to provide detailed information that empowers buyers to research the products and companies they are interested in. Review our privacy/legal policies if you have questions about Nononsense.com. If you'd like to contact us or have a question, please email us at webmarketingmanager@nononsense.com

2. Understand the retailers' refund and return policies. Look for and ask about the refund and return policy. Questions to ask include: the required timeframe in which a buyer must contact the retailer and return the item; whether a full refund or a merchandise credit will be offered; and, whether an item that has been opened can be returned. If no refund policy exists, consumers may be able to take advantage of buyer protection programs, if offered by the retailer or the consumer's payment service provider. These protection programs ensure that if there is a problem with a transaction, the consumer's payment will be covered or refunded as a result.

3. Use a secure checkout and payment process. Many Web sites use a technology called Secure Sockets Layer (SSL) to encrypt any personal and financial information sent over the Internet. To know if the retailer is encrypting information, look for the display of a locked padlock at the bottom of the Internet browser you are using.

4. If an offer sounds highly suspicious or too good to be true, it probably is. As with any purchase, shoppers should read the fine print (or, in some instances, click the links describing the purchase agreement). While Internet retailers frequently offer lower prices than conventional stores, shoppers should be wary of unreasonably low bargain prices or unusually attractive promises.



Stop Spoof Emails & Web sites


Some thieves on the Internet simply go fishing, or 'phishing', as the practice has come to be known, trolling the sea of online consumers in hopes of netting unsuspecting victims. One method of phishing is the sending of 'spoof' (fake) emails, which copy the appearance of popular Web sites or companies in an attempt to commit identity theft or other crimes. The good news is that you can stop spoof emails and Web sites in their tracks by taking a few simple precautions.



Safety Tips


- Learn the signs of a spoof email
- Do not click on email links that request personal information



Safety Tips


1. Learn the signs of a spoof email.
It's incredibly difficult to detect fraudulent emails - as spoofers have become increasingly sophisticated in their attacks. There are certain characteristics Internet users should look for, though, that are common to many spoof emails.

A. Sender's Email Address
Spoof email may include a forged email address in the "From" line. Some may actually be real email addresses that have been forged (From: billing@nononsense.com; From: mail@nononsense.com; From: orderstatus@nononsense.com).

B. Email Greeting
Many Spoof emails will begin with a general greeting such as "Welcome Nononsense User."

C. Urgency
Spoof emails often claim that a site is updating its files or accounts. Don't worry, it is highly unlikely that a reliable site will lose your account information.

D. Account Status Threat
Most Spoof emails try to deceive you with the threat that your account is in jeopardy and you will not be able to buy if you do not update it immediately.

2. Do not click on email links that request personal information.
Do not click on a link embedded within any potentially suspicious email, especially if the email requests personal information. Instead, try starting a new Internet session with your browser, typing the Web address of the link into the address bar, and pressing 'Enter' to be sure you are directed to a legitimate Web site.



Phishing


phishing (Webopedia definition)
(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.



How to Spot A Phishing Scam


At first glance, it may not be obvious to the recipients that what is in their inbox is not a legitimate e-mail from a company with whom they do business. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail, and the clickable link may also appear to be taking you to the company's Web site, but will in fact take you to a spoof Web site. Looks can be deceiving, but with phishing scams the e-mail is never from who it appears to be!
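The checks described in "Do Your Own Typing", in the spoof email signs (greeting, urgency, account status threat) and in the paragraph above, applied to one message. This is an added example, not part of the original article: the sample email is constructed, example.net is a placeholder domain, and the phrase patterns are illustrative assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not a real message; example.net is a placeholder domain.
SAMPLE = """\
From: "Nononsense Billing" <billing@nononsense.com>
Content-Type: text/html; charset="utf-8"

<html><body><p>Welcome Nononsense User,</p>
<p>Your account will be suspended unless you update it immediately.</p>
<p><a href="http://login.example.net/update">https://www.nononsense.com/account</a></p>
<p><a href="https://www.nononsense.com/privacy">Privacy policy</a></p></body></html>
"""

SIGNS = {  # illustrative phrase patterns (assumptions), not a complete rule set
    "generic greeting": re.compile(r"\b(welcome|dear)\s[\w ]{0,40}\b(user|customer|member)\b", re.I),
    "urgency or account-status threat": re.compile(r"\b(immediately|suspended)\b", re.I),
}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, visible text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname of a URL or bare domain, or an empty string if text is not one."""
    try:
        host = (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
    except ValueError:
        return ""
    return host if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host) else ""

def analyze(raw):
    """Return warnings for one message. From is not checked: it can be forged outright."""
    msg = message_from_string(raw)
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")  # assumes UTF-8
                   for p in msg.walk() if p.get_content_type() == "text/html")
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, shown in collector.links:
        s, r = host_of(shown), host_of(href)
        # Simplification: equal hosts or parent/subdomain pairs count as the same site.
        if s and r and s != r and not s.endswith("." + r) and not r.endswith("." + s):
            findings.append(f"link text shows {s} but goes to {r}")
    body = re.sub(r"<[^>]+>", " ", html)  # crude tag strip, enough for phrase matching
    return findings + [name for name, rx in SIGNS.items() if rx.search(body)]
```

The second link in the sample points at a real page of the impersonated site and raises no warning, which mirrors how spoof emails mix genuine links with the one that matters.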



Pharming


Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually finance-related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.


© 2006-2011 by GSO