Monday, December 06, 2004 - Page updated at 12:00 A.M.
E-conomy / Paul Andrews
Chances are you're receiving more of a particular type of dangerous spam as well.
I'm talking about "phishing." Phishing is hacker slang, complete with hacker spelling, for bogus e-mails that mimic banks, credit-card providers and legitimate businesses in an attempt to get you to reveal logons, passwords and financial data. Online criminals, in other words, hope to hook unsuspecting users with fraudulent e-mail and Web site prompts.
Here's how it works. You get an e-mail from a bank or vendor you normally would trust. The e-mail asks you to update your account, verify a transaction or otherwise respond by clicking on a Web link. The link sends you to a dummy Web site configured to look and feel like the real thing. When you fill in your logon and password, the phisher records it and has an open door to your actual account.
Phishing has been around for quite a while. In a May report, Gartner estimated that 1.8 million consumers had been victimized by identity theft through phishing attacks. But this past October alone witnessed a one-month doubling in phishy Web sites, so the victim count undoubtedly is much higher by now.
Trust me, you don't want to suffer through an identity theft. A successful phish costs the victim an average of $1,200 and a whole lot of anguish. Moreover, if the account is not insured against phishing, the consumer may never recover lost funds.
Here's the worst part about phishing: The crooks are getting better at it. Early phishes were easy to ignore because they contained erratic formatting, suspicious-looking links and often faulty grammar. They didn't even look like something a bank would send you.
But phishers have gotten very good at mimicking legitimate operations through brand logos, official language and authentic-looking links.
Recently I received a phish supposedly from Washington Mutual Bank, notifying me that unauthorized individuals had attempted to access my account. It wasn't as obvious a phish as most. After all, it sounded as though it was trying to stop an actual phish on my account.
I printed out the e-mail and took it to my local branch. I was gratified at the response. The personnel there called up my account, had me verify transactions going back two months, and gave me a name and number to call if I received any further phishes. They treated it pretty seriously, in other words.
To help fight phishing, vendors typically send confirmation e-mails of transactions. But phishers send similar messages, and the holiday crush may make it hard to distinguish the two. If you just put in an Amazon.com order and then get a phish, how do you know it's bogus?
The FTC has set up some procedures to help fight phishing. It asks that suspicious e-mail be forwarded to email@example.com. If you feel you've been defrauded, you can file a complaint at www.ftc.gov.
One thing that can aid investigators is to print out or forward a phish with header information (tracking the mail from source to you by Internet servers). The header information is usually hidden by default but can be revealed by your e-mail program if so directed.
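To show what that header information contains, here is an added example (not part of the original column) that reads the "Received" lines of a message and lists the servers it passed through, sender's side first. The sample message, host names and addresses are constructed, and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not a real phish); hosts and IPs are reserved example values.
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [192.0.2.10])
\tby inbox.reader.example with ESMTP id A1; Mon, 6 Dec 2004 09:15:42 -0800
Received: from relay.unknown-isp.example (relay.unknown-isp.example [198.51.100.7])
\tby mx.mailhost.example with SMTP id B2; Mon, 6 Dec 2004 09:15:40 -0800
Received: from localhost (dialup-44.unknown-isp.example [203.0.113.44])
\tby relay.unknown-isp.example with SMTP id C3; Mon, 6 Dec 2004 09:15:37 -0800
From: "Bank Security" <alerts@bank.example>
To: reader@reader.example
Subject: Unauthorized access attempt

Please verify your account.
"""

HOP_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<detail>[^)]*)\))?.*?\bby\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def received_path(raw):
    """Return the relay hops in travel order (sender's side first)."""
    hops = []
    # Each server prepends its own Received line, so the top one is the newest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # undo header line folding
        m = HOP_RE.search(flat)
        if not m:
            continue
        ip = IP_RE.search(m.group("detail") or "")
        hops.append({
            "helo": m.group("helo"), "detail": m.group("detail") or "",
            "ip": ip.group(1) if ip else None, "by": m.group("by"),
            "when": parsedate_to_datetime(flat.rpartition(";")[2].strip()),
        })
    return hops

def origin_mentions_sender(raw):
    """Heuristic only: does the first hop name the domain in the From line?
    Lines added before your own provider's servers can be forged, and real
    companies sometimes send through third-party mail services."""
    domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2].lower()
    hops = received_path(raw)
    return bool(hops) and domain in (hops[0]["helo"] + " " + hops[0]["detail"]).lower()
```

In the sample, the first hop is a dial-up address at an unrelated provider, not the bank named in the From line, which is the kind of detail an investigator looks for.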
If you just can't tell whether you're being phished or not, the FTC advises you to contact your vendor by a telephone number you know to be legitimate from a bill or other account document. Using a telephone in the Internet era can, as we all know, be a frustrating experience. But it could save you and your vendor a lot of trouble.
Paul Andrews is a freelance technology writer and co-author of "Gates." He can be reached at firstname.lastname@example.org.
Copyright © 2004 The Seattle Times Company