Phishing: Reduce Identity Theft
"Phishing" is a powerful weapon used by technology-savvy identity thieves to steal a victim’s account information and then their money. The weapon takes the form of phishing emails, which are sent out by the millions every day over the Internet. Every year, more than 9 million Americans--young, middle-aged, and elderly--are victims of identity theft.
The annual cost of identity theft in 2007 was $49.3 billion, according to The Privacy Rights Clearinghouse. And while many consumers are now careful to avoid identity theft by shredding paper account statements before throwing them in the garbage, phishing emails could represent a far greater threat.
Here's how phishing works:
A potential victim receives an email from what looks like a well-respected company. (Phishers often spoof the identity of larger companies, such as Visa, eBay, and PayPal, not because the thieves know that you have an account with them, but because there is a good chance that you do.)
The phishing email will generally alert you to some "questionable activity" surrounding your account, and then "as a precaution", you are prompted to click on a link that is supposed to take you to the spoofed company's official website where you can update your security information. This is usually followed by a claim that if you do not comply, your account will be deactivated or canceled.
However, this link in the phishing email will usually route you to a Trojan horse website with similar logos and seemingly official information, to make you believe it is real. Once at the Trojan horse website, you are prompted to enter your user name and password. At that point, you have generally compromised yourself, your information, and if you're unfortunate enough, your finances.
Companies like eBay and PayPal work hard to combat this phishing threat. PayPal, for example, dedicates several website pages to information about phishing and what to do if you are concerned about the legitimacy of an email. If you are uncertain about the validity of an email, PayPal urges you to “Forward the entire email to firstname.lastname@example.org; do not alter the subject line or forward the message as an attachment; and delete the suspicious email from your email account. We’ll send you an email response to let you know if the email is indeed fraudulent In the meantime, don’t click on any links or download any attachments within the suspicious account.
I Did This!
After receiving your identity theft alert, reputable companies will try to shut down the phishing site almost immediately. To assist with that effort, forward the entire phishing email to the spoofed company's security team.
Here's how to reach some of those security teams:
Make a Difference
animal welfare helping children community development environmental protection health & safety poverty & homelessness