In 2006 the average loss per phishing attack was $1,244.
In 2006, only 54% of people got their money back.
Scenario: You receive an official looking email from the billing department of your Internet service provider. They direct you to a legitimate looking web site so that you can update your billing information or risk losing your service.
Scam: You have been Phished. The fraudster takes information that you have provided and proceeds to make unauthorized credit and debit card transactions on your account.
This example is Phishing to a tee. The email could appear to come from your telephone services provider, bank, insurance company, credit card provider or even the tax department. Fraudsters use any number of fronts to get you to react by providing your information. They then use the information to steal your identity and make online credit or debit card purchases. They may even produce counterfeit credit cards, which are then sold to other criminals who make the purchases. Phishing and spoofing are related in that they both refer to using fake emails. Spoofing generally refers to the dissemination of forged email sent by someone other than the actual source. Phishing, utilizes a spoofed email and then directs the victim to the web site used to collect personal, sensitive information such as passwords, credit card numbers, and bank account information.
It is easy to be fooled by official looking email and the apparent urgent need for you to respond. Sometimes this will override your usual cautious nature. The scammer may threaten cancellation of a service, increased service fees or may encourage you to react so that you don't miss a "great deal". People are compelled to respond to avoid problems or disappoint and fraudsters play on this human weakness to get at your money. The best way to avoid phishing fraud is to never respond to an unsolicited email no matter what it says. Call your bank or credit card company directly to check if you are concerned.
If you or someone you know has been a victim of Phishing we want to know. Contact us and take ACTION NOW!
PHISHING FRAUD
Do not reply to any email that requests your personal information.
Look for misspelled words.
Always report phishing or "spoofed" emails.
Phishers typically include highly reactive statements in their emails to get people to respond immediately. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
Don't use the links in an email to get to any web page, if you suspect the message might not be authentic. Instead, log onto the website directly by typing in the web address in your browser.
Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website. To ensure you're on a secure web server, check the beginning of the web address in your browsers address bar - it should be "https://" rather than just "http://"
Check your online accounts frequently by logging into them a minimum of once a month.
Make it a routine to always check your bank, credit and debit card statements to ensure that all transactions are legitimate. If you see any suspicious charges or transactions, contact your bank and all card issuers for more information and guidance to correct the situation.
Always report "phishing" or "spoofed" emails to the following groups:
Forward the email to the Federal Trade Commission at spam@uce.gov
Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
Scenario: You receive an official looking email from the billing department of your Internet service provider. They direct you to a legitimate looking web site so that you can update your billing information or risk losing your service.
