Steer Clear of Phishing Scams
What's New in Technology
Steer Clear of Phishing Scams
On-line fraud is a huge problem - especially for small businesses and consumers - and the losses generated are soaring. The Annual CyberSource Fraud Survey estimates that online scammers bilked their victims out of some $2.6 billion in 2004, an increase of more than 50 percent over 2003. Businesses believe these scams will be an even bigger problem this year.
If you pay bills online, manage your finances, or buy goods or services over the Internet, be extremely cautious, and - most importantly - never respond to emails requesting personal details (account numbers, passwords, address information, etc. etc.). If you havenÂt already, it is probably only a matter of time before you are contacted via email by a sophisticated scammer running a phishing scheme. Phishing is short for "password harvesting fishing" and it is a particularly insidious form of online fraud. It is designed to trick you into providing a scam artist with sufficient personal details to enable them to steal your money and/or your identity.
Unlike other online spam and fraudulent offers, phishing emails look authentic. The stakes are high for phishers, and the scam artists behind these efforts are ambitious, highly motivated and sophisticated. They often pose as some of the InternetÂs biggest and best-known names - including Ebay. Their email messages look "right" - just like the real thing. Their requests are professionally written and have all the right corporate graphic elements. Though their methods are highly evolved, their goal is simple - to get your password or account number and steal your money.
HereÂs a short list of phishing "red flags":
- A company contacts you via email and asks for verification or submission of personal data. No reputable business would ask for this type of information in an email.
- The email is an urgent request. It may say your account is about to be suspended or that the companyÂs site has crashed and your account details have been lost. The phisherÂs email will either contain forms for you to fill in or an embedded link to take you to site where you can fill in the personal information "needed".
- Pay attention if the URL (uniform resource locator) doesnÂt look quite right. A common scammer trick is to try and make you think you are visiting a particular business site by "hijacking" the name of a legitimate website address.
- Check the actual domain name. Whatever comes right before the domain extension (the bit before the ".com") is the actual domain site. In this way, http://www.authentic_shop.com gets you to the content on a website for the retail firm called Authentic Shop. However, http://www.authentic_shop.scam.com will get you to the scam website.
- Also check the domain extension. If you are visiting a legitimate commercial business website, it usually will end in ".com" not ".org" (used by organizations, non-profits, etc.) or ".edu" (used for schools and other learning institutions).
- Secure sites requiring a password (where it is safe to conduct transactions) have "https" in the URL and a padlock icon (usually lower right). If you donÂt see these, you are probably visiting a scammerÂs site.
- Be cautious about the links you receive in seemingly "urgent" emails. Some phishing scammers use links that appear to connect to a legitimate site but actually connect with the scammerÂs own site. You can spot this type of "link masking" by letting your mouse pointer hover over the link long enough for the actual link address to pop-up. Many phishing sites use IP (Internet Protocol) addresses, which are a series of numbers rather than a name. If something like 184.108.40.206, instead of a name, pops up next to the link, donÂt tempt fate.
- Err on the side of caution; avoid all dubious links and type in the URL addresses you know are correct. Yes - it takes a little longer than clicking but keyboarding means youÂre in control of what site youÂre visiting.
Scammers continue to be crafty and creative in their efforts to pilfer your hard earned cash. Be cautious, read domain names carefully and donÂt be caught off balance by "urgent" email requests. Finally donÂt give out passwords or other important personal data in emails.
These articles are intended to provide general resources for the tax and accounting needs of small businesses and individuals. Service2Client LLC is the author, but is not engaged in rendering specific legal, accounting, financial or professional advice. Service2Client LLC makes no representation that the recommendations of Service2Client LLC will achieve any result. The NSAD has not reviewed any of the Service2Client LLC content. Readers are encouraged to contact their CPA regarding the topics in these articles.