The Internet provides the perfect playground for scam artists, and by using the same principle as spammers,
they figure that if they try a scam on enough people, sooner or later, someone will take the bait.
In some cases, spam is actually used for the scam. One of the newest scams to make the news is
phishing. In this scam, the target is sent a very official-looking e-mail from what they think is their
bank or credit card company. A short note describes the "bank's" concern about identity theft and
asks you to click a link so that they can confirm your account number. The link takes you to a very
convincing website, complete with the company's logo and trademarks and, in some cases, a 1-800 number.
The site is bogus, however, and is operated by the actual identity thieves. The 1-800 number goes
to them as well, so if you call, everything seems legitimate. Figure 16-2 shows an example of a phishing
e-mail (assuming that Pangea National Bank is an actual bank). Take a look at how official this
looks and reads. However, clicking on the web link provided sends you to a website in China.
Rest assured that any bank or credit card company that you deal with knows what your account number
is. It is their business to know it, especially if you hold a balance on your credit card. If you get
an e-mail like the one just described, you should immediately do these things:
• Report the scam to the Federal Trade Commission: Forward the e-mail you received to
firstname.lastname@example.org and identify that you believe it to be a phishing scam.
• Call your credit card company to notify them of the scam: Use the phone number on the back
of your credit card or the one printed on your monthly bill, not the one in the text of the e-mail
or on the scam page.
• Notify your ISP: You can reach most ISPs by sending an e-mail to the abuse reporting address
for your domain. For example, if you subscribe to EarthLink, the e-mail would be abuse@earthlink.net.
There will usually be a fraud alert link on the provider's main page as well.
As always, think before you act when it comes to giving out your personal information or responding
to official-looking e-mails. Phishing scams do not necessarily have to involve money; the target could
just as easily be your e-mail account itself. To spammers and hackers, even an e-mail account is of
value. Educate your friends, family, and strangers on the street about what you have just learned.
Avoid Phishing Scams
It's surprising that the security bundles, which so far have done just about everything for us, do not
have specific tools to combat phishing scams. They do provide spam blocking, which would undoubtedly
filter most if not all of them. But it is still surprising that this opportunity has not yet become
apparent to the security software vendors.
On the other hand, at least one ISP (EarthLink) is hot on the trail. EarthLink provides a service they
call ScamBlocker, which claims to be able to stop phishing scams in their tracks. To use it,
you have to download a web portal tool called EarthLink TotalAccess, which inserts functions into
your Internet browser.
Figure 16-5 takes a quick look at the tool. (Note, however, that we did not actually test it with a real
phishing scam to see if the claim is true.)
Notice the ScamBlocker icon on the toolbar after we have installed the service. We would expect the
security product bundles to quickly incorporate specific scam-blocking functions.