Wednesday, June 24, 2009

Alert: Spoof & Phishing Emails

There are two types of email scams – known as 'phishing' and 'spoofing' - that can be difficult to identify. Both practices concern fraudulent emails where the 'from address' has been forged to make it appear as if it came from somewhere, or someone, other than the actual source.



What is 'phishing' all about - and how do I spot it?

Phishing emails are used to fraudulently obtain personal identification and account information. They can also be used to lure the recipient into downloading malicious software. The message will often suggest there are issues with the recipient's account that requires immediate attention. A link will also be provided to a spoof website where the recipient will be asked to provide personal/account information or download malicious software.



How is it different than 'spoofing'?


Spoof emails often include a fraudulent offer of employment and/or the invitation to serve as a go-between for payment processing or money transfers.



Consumer Advice: How to Avoid Phishing Scams


The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations that you can use to avoid becoming a victim of these scams.
  • Be suspicious of any email with urgent requests for personal financial information
  • Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
  • They typically ask for information such as usernames, passwords, credit card numbers, passport number, photograph, date of birth, etc.
  • Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic.
  • Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
  • You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.