SCAMS / PHISHING

 

INFORMATION PELICAN BAY HOME COMPUTING HOME OFFICE SMALL OFFICE COOKIES POP-UPS SCAMS SPYWARE SPAM PREVENT. MAINT. TECHNICAL

 

Additional Scams

The Internet provides the perfect playground for scam artists, and by using the same principle as spammers,

they figure that if they try a scam on enough people, sooner or later, someone will take the bait.

Phishing

In some cases, spam is actually used for the scam. One of the newest scams to make the news is

phishing. In this scam, the target is sent a very official-looking e-mail from what they think is their

bank or credit card company. A short note describes the "bank’s" concern about identity theft and

asks you to click a link so that they can confirm your account number. The link takes you to a very

convincing website, complete with company’s logo and trademarks and, in some cases, a 1-800 number.

The site is bogus, however, and is operated by the actual identity thieves. The 1-800 number goes

to them as well so if you call, everything seems legitimate. Figure 16-2 shows an example of a phishing

e-mail (assuming that Pangea National Bank is an actual bank). Take a look at how official this

looks and reads. However, clicking on the web link provided sends you to a website in China.

Rest assured that any bank or credit card company that you deal with knows what your account number

is. It is their business to know it, especially if you hold a balance on your credit card. If you get

an e-mail like the one just described, you should immediately do these things:

¡ Report the scam to the Federal Trade Commission—Forward the e-mail you received to

spam@uce.gov and identify that you believe it to be a phishing scam.

¡ Call your credit card company to notify them of the scam—Use the phone number on the back

of your credit card or the one printed on your monthly bill, not the one in the text of the e-mail

or on the scam page.

¡ Notify your ISP—You can reach most ISPs by sending an e-mail to the abuse reporting address

for your domain. For example, if you subscribe to EarthLink, the e-mail would be abuse@earthlink.

net. There will usually be a fraud alert link on the provider’s main page as well.

As always, think before you act when it comes to giving out your personal information or responding

to official looking e-mails. Phishing scams do not necessarily have to have money involved, it could

just as easily be your e-mail account itself. To spammers and hackers, even an e-mail account is of

value. Educate your friends, family, and strangers on the street about what you have just learned.

Avoid Phishing Scams

It’s surprising that the security bundles, which so far have done just about everything for us, do not

have specific tools to combat phishing scams. They do provide spam blocking, which would undoubtedly

filter most if not all of them. But it is still surprising that this opportunity has not yet become

apparent to the security software vendors.

On the other hand, at least one ISP (EarthLink) is hot on the trail. EarthLink provides a service they

call ScamBlocker, which claims to be able to stop phishing scams in their tracks. The way it works is

you have to download a web portal tool called EarthLink TotalAccess, which inserts functions into

your Internet browser.

Figure 16-5 takes a quick look at the tool. (Note, however, that we did not actually test it with a real

phishing scam to see if the claim is true.)

Notice the ScamBlocker icon on the toolbar after we have installed the service. We would expect the

security product bundles to quickly incorporate specific scam blocking functions.

Back Next