Phishers shop for holidays, too
As the holiday shopping season revs up, so do cyber criminals.
An increasing number of cyber criminals are trying to lure online shoppers into divulging sensitive information on bogus forms or into clicking on viral Web links or videos that will infect users' PC with a nasty data-stealing program.
Phishing plays on people's fears and expectations. Phishing always grows with holiday shopping, celebrity scandals, weather disasters and big sporting events. Here are some tips from experts on how to protect yourself.
Be on high alert for:
-- Bogus forms . E-mails and pop-up messages that ask you to type your account user name and password, credit-card number or personal information -- such as Social Security number and date of birth -- are usually bogus.
"Be very skeptical when opening e-mails," said Daniel Salsburg, assistant director of the Federal Trade Commission's division of marketing practices. Legitimate organizations never solicit such information in an e-mail.
Don't reply. Instead, independently find the organization's phone number and call to verify the request. Never use a phone number listed in the potentially malicious e-mail.
-- Personalized warnings. Phishers will suggest urgent action that must be addressed in connection with an IRS, Social Security or Department of Motor Vehicles matter. The scammer even might use private information culled from a simple online search or from a social network to get you to submit information or click on a viral Web link, Salsburg said.
Some scammers do research on jobs websites to target the unemployed with bogus work-at-home schemes, said Peter Cassidy, secretary general for the non-profit Anti-Phishing Working Group.
"The bad guys see opportunities to feast on the people who are looking for work," he said.
-- Innocent messages. An e-mail from a co-worker that says to open a file to see vacation or baby pictures could be a threat. The most effective phishing scams are the ones consumers least expect.
"Everyone has to be suspect," Cassidy said. "Take nothing for granted."
Scammers make up cyber personalities and gain people's trust over time. The scammers then say they need help and ask victims to wire them money.
In addition to being wary of attacks, users should be careful of data they can access at work -- information that might be valuable to criminals. Be circumspect about online relationships. Holding a position of power or influence can put you at a higher risk of being targeted.
Even those who don't think they have power could be attractive targets for scammers.
"Don't consider yourself too small to care about," Cassidy said.
Another piece of advice: Slow down. Don't automatically click on every link you get in your inbox. Navigate to the site's home page and "don't wander aimlessly into websites," he said. "Direct your path through the Web."
Anti-virus protection and updated software and browsers also are important to protect private information from phishing, Cassidy said.
Reporting scams helps stop them
Victims of phishing scams are encouraged to report them.
The Federal Trade Commission collects the e-mails for research about spam trends and puts them into a database made available to law enforcement agencies, says Daniel Salsburg of the agency.
The FTC also builds cases against scammers by using e-mails sent in by consumers. This year, the FTC received a court order banning a man from sending mass text messages and e-mails that deceptively advertised home-loan modifications.
"It was made possible because of the volume of e-mails consumers had sent to us," Salsburg says.
Forward phishing e-mails to:
-- Federal Trade Commission at spam@uce.gov
-- Anti-Phishing Working Group at r eportphishing@antiphishing.org
-- The company, bank or other organization that the e-mail impersonated.
File a complaint with:
-- FBI's Internet Crime Complaint Center at www.ic3.gov/
For more information about phishing, go to OnGuardOnline.gov -- a partnership of 15 government agencies that aims to protect Internet users.
