Phishing crime's up nearly 600%. Don't get hooked!
Oct 28, 2009 4:10 PM

Criminal "phishing" attacks have risen by nearly 600 percent this year, according to a report from the Anti-Phishing Working Group, an association of financial institutions, online retailers, law enforcement, security and research groups that have combined forces to fight Internet crime.

Phishing is typically carried out by e-mail, instant messaging or text messages that appear to be from banks, online retailers or auction sites. Phishers are using increasingly sophisticated techniques to trick people into divulging information, usually by directing them to a fake website that appears nearly identical to the legitimate site. 

Earlier this month, for instance, the FBI announced it had arrested 100 members of an international criminal ring that used e-mails to direct banking customers to phony bank Web sites, where they were asked to provide account log-ins, passwords and other information the crooks then used to raid their bank accounts.  Victims included thousands of customers at U.S. banks, including Wells Fargo and Bank of America, according to the industry trade publication Bank Information Security.

Who would be naïve enough to be tempted by phishers’ bait? For starters, how about the highly security-conscious head of the law enforcement agency that just made that 100-cybercriminal bust (which is now being referred to as the “phish fry”)? In a San Francisco speech announcing the arrests, FBI Director Robert Mueller said that he’d recently received an e-mail purporting to be from his bank asking him to verify some information about his account. It looked so legitimate that he started to respond, and was only a few clicks away from being hooked when he suddenly realized this was a classic phishing scam.

As Mueller put it:  “After changing all our passwords, I tried to pass the incident off to my wife as a ‘teachable moment’. To which she replied: It is not MY teachable moment. However, it is OUR money. No more Internet banking for you!”

The reality is that cybercrooks are getting better at what they do and bank or credit card accounts are among their prime targets, so assuming you’re not at risk is the true mark of naïveté. Even our technology-savvy colleague Paul Eng describes how he almost fell for a clever phishing text message that appeared on his cell phone, falsely warning him that his Chase card had been deactivated and instructing him to call a toll-free number listed in the message to provide information needed to reactivate his account. 

Ironically, customers at credit unions, community banks and big banks such as Citibank recently have been targets of robo-calls that claim the customer’s account has been temporarily suspended because of a suspected security breach.  Customers are instructed to “press 1 now” to be transferred to the bank or credit union’s security department, where they supposedly can reactivate their accounts by entering their debit or credit card account numbers and PINs. That gives thieves what they need to start charging away or draining bank accounts, making that imaginary “suspected security breach” a reality.

The bottom line: Never respond directly to phone calls or click on links in messages sent to your computer or cell phone that purport to be from your bank or any other company you do business with, no matter how urgent or persuasive the message is. Instead, initiate a call yourself to the customer service number listed on your monthly account statement to verify that any communication you’ve received is legitimate.

You’ll find more detailed advice here on how to spot and avoid phishing scams. Plus, you can take a Consumer Reports test to see if you can spot fake e-mail here.

And if you’ve already given out information you shouldn’t have or clicked on a link in a suspicious message that may have infected your computer with malware, here are some tips on what to do to limit the damage.

–Andrea Rock

 
