Computer Crime Research Center


Phishers are using e-mail to get information from people

Date: October 17, 2004
Source: The Brampton Guardian


Residents are being warned to tread cautiously through their e-mail messages as a form of Internet fraud continues to grow.

Bulk messages of forged e-mails that seem to come from legitimate banks and financial institutions have tricked recipients into revealing their personal information, according to Peel police Fraud Bureau. The recipients are told their accounts need updating.

The scam sometimes plays on the fear of the increasing prevalence of identity theft, saying the e-mail is being sent "in order to safeguard your account due to increasing identity theft, please confirm your details."

The recipient clicks on the e-mail link and is directed to what appears to be a legitimate Web site. They are asked to enter their user identity, password and other sensitive information. The sender of the e-mail uses the information to commit frauds. The technique is known as "phishing", according to police.

The e-mails are being sent under the names of U.S. banks, PayPal, Citibank and, recently, VISA, eBay and Yahoo, but are not from those companies. The names of well-known banks, credit card companies and online retailers are used by the fraudsters to obtain credit card numbers, passwords, and other personal information.

Each e-mail includes a hyperlink that appears to go directly to the institution indicated, but which actually links to a numeric IP address where the fraudster is "harvesting" information, according to police.

According to the Anti-phishing Working Group, phishers are able to convince up to five per cent of recipients to respond.

According to the group's Web site, the number and sophistication of phishing scams is skyrocketing. Online banking and e-commerce are safe, but computer users are being warned to be careful when giving out personal financial information over the Internet.

The Anti-phishing Working Group has several recommendations for avoiding becoming a victim:

* be suspicious of any e-mail with urgent requests for personal financial information. Unless the e-mail is digitally signed, you can't be sure it wasn't forged or 'spoofed'. Phishers typically include upsetting or exciting (but false) statements in their e-mails to get people to react immediately;

* phishers typically ask for information such as usernames, passwords, credit card numbers, etc. The e-mails are usually not personalized, while valid messages from your bank or e-commerce company usually are;

* don't use the links in an e-mail to get to any Web page, if you suspect the message might not be authentic. Call the company, or log onto the Web site directly by typing in the Web address in your browser. Avoid filling out forms in messages that ask for personal financial information. You should only divulge information such as credit card numbers or account information through a secure Web site or telephone;

* always ensure you're using a secure Web site when submitting credit card or other sensitive information via your Web browser. To make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar - it should be https:// rather than just http://;

* consider installing a Web browser tool bar to help protect you from known phishing fraud Web sites. EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on EarthLink's list of known fraudulent phisher Web sites. It's free to download at www.earthlink.net/earthlinktoolbar;

* ensure your browser is up to date and security patches are applied. In particular, people who use the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page at www.microsoft.com/security/ to download a special patch.

For more information, check the Web site at www.antiphishing.org. Anyone who has responded to this scam should call their bank and the Peel Regional Police Fraud Bureau at 905-453-3311, ext. 3335.