Phishing On The Rise

Be alert as fraud attempts increase

If someone showed up at your house, wearing a carmaker's hat and jacket and asked to borrow your car to do some maintenance, you probably wouldn't hand over your keys.

But when it comes to the internet, people seem surprisingly trusting.

I've written about phishing before but I wanted to revisit it because the problem seems to be getting much worse. In fact, attacks have nearly doubled since the beginning of the year.

Phishing, for those who are late to class, is the use of fraudulent (but plausible looking) emails and websites which try to persuade the gullible to hand over their bank or credit card details to criminals.

A recent report said that 1.78 million Americans have fallen for such scams and provided sensitive information to fraudsters. Perhaps as much as $1.2 billion has been stolen as a result.

This is a summary of the Anti-Phishing Working Group's recommendations:

•	Be suspicious of any email that asks for your personal financial information
•	Don't click on any links in emails. Instead, enter trusted addresses manually or telephone the organisation. Spoof emails and websites will look exactly like the real thing, so only use website addresses you know and trust
•	Only give credit card information over secure website links (not by email) to trusted organisations. Look for sites that start with https and display a padlock - these use encryption to ensure privacy
•	Regularly check your bank and credit card statements and online accounts to make sure that there are no suspicious transactions

Besides these commonsense recommendations, having an effective spam filter will eliminate many spoof messages.

Apply the same level of scepticism to online promises of easy money, unexpected lottery wins and chain letters.

Unfortunately, phishing isn't the only threat to your financial wellbeing. A new virus, called Korgo, emerged this summer and steals credit card numbers as you type them into websites. It gets onto your computer the same way that Sasser did: leapfrogging from machine to machine on its own.

It's only able to attack machines that don't have effective firewalls and aren't up to date. Once installed, you need good antivirus software to find and root it out.

If you think your private information has been compromised contact the police and your bank immediately.