Task 8 - Phishing

Online fraud is on the rise, and the techniques for creating deceptive e-mail messages and Web sites are getting more sophisticated.  Con artists have been around since time began, and now that we are in the Internet Age they are on the Web preying on unsuspecting online consumers.  Every time you turn around, seems that there is another phishing scam.  We get these email's everyday such as email disguised as a FedEX notification, receipts purportedly coming from iTunes for songs we never purchased or have an account with!

 

bullet

Phishing (pronounced “Fishing”) is an online fraud technique used by criminals to entice you to disclose your personal information. Phishing is the fastest rising online crime method used for stealing personal finances and perpetrating identity theft. Phisher's use many different tactics to lure you, including e-mail and Web sites that mimic well-known, trusted brands. A common Phishing practice involves "spamming" recipients with fake messages that resemble a valid message from a well-known Web site or a company that the recipients might trust, such as a credit card company, bank, charity, or e-commerce online shopping site.

bullet

The purpose of fake messages is to trick consumers into providing the personal information, such as your social security number or credit card number. Often Phishing messages have deceptive links that actually take you to spoofed Web sites that urge you to enter and submit your personal information. Your personal information is used by criminals to steal your identity, your money, or both.

picture of thief

Quiz - Phishing Scams avoid the bait

SonicWall Phishing and Spam IQ Quiz

How to spot a phishing scam

Video on Phishing by McAfee

Fraud Risk Tests

10 ways to Prevent being Scammed 

Protect your identity on the Internet

Spear Phishing

Spear Phishing emails are targeted at a specific companies or organizations. 
Spear Phishing at St. Rose

Delete and Disregard these messages! Never provide account information, passwords, date of birth or other personal information. If you have any doubt about the authenticity of an e-mail message forward it to the ITS Help Desk at  help@mail.strose.edu

bullet

Many "verify your identity scams" have proliferated user's inboxes over the years attempting to garner personal information.  Many times, these scams use fear tactics to try to obtain your information. Major institutions such as eBay, AOL, and Banks have had scam artists fraudulently pose as an administrator from the institution and try to obtain your personal information leading to identity theft.  In fact, it is very common to know someone who has had their identity stolen in this manner.  Official or important subject matter will be mailed to you through regular mail, not e-mail.

bullet

PayPal Phishing Scam

bullet

EBay/PayPal Email scam

bullet

List of Recent phishing scams

bullet

AOL 'Update Your Account Billing Information' Phishing Scam

bullet

Scam Alert - Fake Credit Report Sites

bullet

Bank Scams

bullet

Citibank Phishing Scam

bullet

How Outlook 2007Anti-Phishing works

bullet

How to report online fraud, scams and theft

bullet

Why is it so difficult to prosecute for online Identify theft

bullet

Why can't Phishing sites be shut down?

Identity Theft

bullet Be careful not to provide ANY personal information via e-mail such as credit card numbers, social security numbers, or any other type of information via e-mail.

bullet

Shred documents such as receipts, old insurance forms, credit card statements or any document that contains personal and confidential before throwing it away.

bullet

Identity theft is running rampant and credit is big business.  It seems there's another story about it in the news every day.  There are identity theft protection products such  ProtectMyID recommended by Kim Kommando.  The FTC recently took on LifeLock because it "guaranteed" protection and the FTC found them inadequate quoting that "you could drive a truck through LifeLock's protection services."

bullet

You should check your credit report regularly. You'll find out if someone has opened credit accounts in your name. You can view what's in your file once every 12 months from each of the three nationwide agencies (Experian, Equifax, TransUnion) at www.annualcreditreport.com

bullet

Read your bank and credit card statements to ensure no unauthorized charges appear.

bullet

Ask about security procedures whenever you are required to share your personal information.  Find out who can access your information and what measures are in place to protect your confidential information.

bullet

5 tips to Protect yourself from Identity Theft

bullet Kim Komando video - You have been hacked now what?
bullet OnGuardOnline - a good source of practical tips to help you guard against Internet fraud and secure your computer
bullet StaySafeOnline.org
bullet How to bank online safely - A secure page starts with "https" rather than the usual "http."
bullet Most browsers show a security icon near the bottom corner. The icon is usually a padlock. Firefox changes the color of its address bar as extra notification.
bullet 11 Tips for Safe Online shopping
bullet Online Shopping tips
blue bullet Quiz ID Theft Faceoff

Password Protection

bullet

A favorite Spammers' tactic is to hijack an account and then use it to send out thousands of Spam e-mails.  To avoid this create a complex password and never give it to anyone.

bullet

Complex passwords consist of numbers and letters uppercase and lower case.   Use a word that is not in the dictionary.

bullet

Use a Password Card  to create and remember a complex password

bullet

Make your passwords unbreakable but memorable

bullet

Create strong passwords - Microsoft online safety

bullet Sans Monthly Security Awareness Newsletter - Protecting Your Passwords