Task 8 - Phishing

Online fraud is on the rise, and the techniques for creating deceptive e-mail messages and Web sites are getting more sophisticated. Con artists have been around since time began, and now that we are in the Internet Age they are on the Web preying on unsuspecting online consumers. Every time you turn around, seems that there is another phishing scam. We get these email's everyday such as email disguised as a FedEX notification, receipts purportedly coming from iTunes for songs we never purchased or have an account with!

Phishing (pronounced “Fishing”) is an online fraud technique used by criminals to entice you to disclose your personal information. Phishing is the fastest rising online crime method used for stealing personal finances and perpetrating identity theft. Phisher's use many different tactics to lure you, including e-mail and Web sites that mimic well-known, trusted brands. A common Phishing practice involves "spamming" recipients with fake messages that resemble a valid message from a well-known Web site or a company that the recipients might trust, such as a credit card company, bank, charity, or e-commerce online shopping site.

The purpose of fake messages is to trick consumers into providing the personal information, such as your social security number or credit card number. Often Phishing messages have deceptive links that actually take you to spoofed Web sites that urge you to enter and submit your personal information. Your personal information is used by criminals to steal your identity, your money, or both.

picture of thief

Quiz - Phishing Scams avoid the bait

SonicWall Phishing and Spam IQ Quiz

How to spot a phishing scam

Video on Phishing by McAfee

Fraud Risk Tests

10 ways to Prevent being Scammed

Protect your identity on the Internet

Spear Phishing

Spear Phishing emails are targeted at a specific companies or organizations.
Spear Phishing at St. Rose

Delete and Disregard these messages! Never provide account information, passwords, date of birth or other personal information. If you have any doubt about the authenticity of an e-mail message forward it to the ITS Help Desk at help@mail.strose.edu

	Many "verify your identity scams" have proliferated user's inboxes over the years attempting to garner personal information. Many times, these scams use fear tactics to try to obtain your information. Major institutions such as eBay, AOL, and Banks have had scam artists fraudulently pose as an administrator from the institution and try to obtain your personal information leading to identity theft. In fact, it is very common to know someone who has had their identity stolen in this manner. Official or important subject matter will be mailed to you through regular mail, not e-mail.
	PayPal Phishing Scam
	EBay/PayPal Email scam
	List of Recent phishing scams
	AOL 'Update Your Account Billing Information' Phishing Scam
	Scam Alert - Fake Credit Report Sites
	Bank Scams
	Citibank Phishing Scam
	How Outlook 2007Anti-Phishing works
	How to report online fraud, scams and theft
	Why is it so difficult to prosecute for online Identify theft
	Why can't Phishing sites be shut down?

Identity Theft

Be careful not to provide ANY personal information via e-mail such as credit card numbers, social security numbers, or any other type of information via e-mail.
	Shred documents such as receipts, old insurance forms, credit card statements or any document that contains personal and confidential before throwing it away.
	Identity theft is running rampant and credit is big business. It seems there's another story about it in the news every day. There are identity theft protection products such ProtectMyID recommended by Kim Kommando. The FTC recently took on LifeLock because it "guaranteed" protection and the FTC found them inadequate quoting that "you could drive a truck through LifeLock's protection services."
	You should check your credit report regularly. You'll find out if someone has opened credit accounts in your name. You can view what's in your file once every 12 months from each of the three nationwide agencies (Experian, Equifax, TransUnion) at www.annualcreditreport.com.
	Read your bank and credit card statements to ensure no unauthorized charges appear.
	Ask about security procedures whenever you are required to share your personal information. Find out who can access your information and what measures are in place to protect your confidential information.
	5 tips to Protect yourself from Identity Theft
	Kim Komando video - You have been hacked now what?
	OnGuardOnline - a good source of practical tips to help you guard against Internet fraud and secure your computer
	StaySafeOnline.org
	How to bank online safely - A secure page starts with "https" rather than the usual "http."
	Most browsers show a security icon near the bottom corner. The icon is usually a padlock. Firefox changes the color of its address bar as extra notification.
	11 Tips for Safe Online shopping
	Online Shopping tips
	Quiz ID Theft Faceoff

Password Protection

	A favorite Spammers' tactic is to hijack an account and then use it to send out thousands of Spam e-mails. To avoid this create a complex password and never give it to anyone.
	Complex passwords consist of numbers and letters uppercase and lower case. Use a word that is not in the dictionary.
	Use a Password Card to create and remember a complex password
	Make your passwords unbreakable but memorable
	Create strong passwords - Microsoft online safety
	Sans Monthly Security Awareness Newsletter - Protecting Your Passwords