Phishing for an Identity


Phishing is rapidly becoming on the largest threats to your personal, financial, and emotional wellbeing. No I am not talking about Saturday afternoons out on the boat with your grandfather, listening to stories that being with "When I was your age?"-now while these probably conjure up horrific childhood memories of such stores, they in no way come close to the horror felt by victims of Phishing.

Phishing (fish'ing ? to trick people into providing their personal and financial information by pretending to be from a legitimate company, agency or organization) is a fairly new scam propagating itself on the internet in many different forms. Each has the same sole purpose of convincing you to volunteer your personal and financial information and hand if over to these crooks.

One such attack was targeting PayPal (www.PayPal.com) customers, by sending out mass email (spam) stating that there had been a security breach and the account has been suspended until you verify some information. Well this may sound reasonable, but the truth behind this was it was not from PayPal; rather a carefully orchestrated scam to capture your PayPal username and password, credit card information, debt card pin number, mailing address, and social security number among others. What made these even scarier was the fact that the message was designed so well-using PayPal's logo and website layout perfectly-that even I had to take a second look. This convinced people of the legitimacy of the message and prompted individuals-estimated in the thousands-to happily provide their information over to the scammer.

There were a few items that made this email message stand out as a fraudulent spam message rather than legit communication:

? Greeting: The greeting at the top of the message was "Dear PayPal Member". This should alert you as PayPal, along with most major companies will address you by name or company associated with the account. EX: Dear Steven

? Website address: The website address that was being linked to from within the message was not www.PayPal.com, but rather a very clever hoax. When you look at the link in the message it appears to go to PayPal's website, but when you click on it a different address (one of the scammer's website) loads.

Now that I have scared you enough for one article, which this is not my intention to do so, but you must also realize the severity of this issue; there are a few simple things to keep in mind. Do not trust email messages. Let me say that one more time DO NOT TRUST EMAIL MESSAGES. If something seems fishy (no pun intended), do not trust it. If it tells you to update your information, call the company up that it mentions or login to your account as you normally would. In this example, you could call PayPal's customer service number or login at PayPal's website (visit it by opening your web browser and manually entering http://www.PayPal.com--not through the link provided in the email). Doing so will verify that you are not falling victim to Phishing.

Steven Carlson is an expert in identity theft and issues relating to credit restructuring solutions. He is serves as the President and CEO of Digital Intelligence Group, Inc. (www.DigitalIG.com) a company that provides identity theft and credit restructuring services through its brand eCreditRx (www.eCreditRx.com).

home | site map
© 2005