Phishing for Dollars

Be Wary of E-mail Con Artists

by J. M. Pressley
First published: August 20, 2007

The price we all pay for the convenience of e-mail is the relative ease with which criminals perpetrate e-mail scams on unsuspecting users. Don't take the bait if it's offered.

Someone overseas requests help moving a huge quantity of money using your bank account in exchange for a percentage of the money as payment for your assistance. You're notified that you're a winner in an international lottery that you don't remember entering. Your bank requests verification of your personal data to avoid shutting down your account. The price we all pay for the convenience of e-mail is the relative ease with which criminals perpetrate e-mail scams on unsuspecting users.

Each case is an exercise in social engineering; someone is trying to trick you into divulging personally sensitive information such as your bank account number, social security number, ATM code, password, or anything else that could be used to compromise your security. The most recent incarnation of this scam has come to be known as phishing. In this instance, the scammer poses as a trusted entity via e-mail. The e-mail looks authentic. It has a corporate logo and looks like other e-mails you may have received in the past. All you have to do is click on the link provided in the e-mail and use an online form to submit your account information.

Don't do it.

The link typically forwards you to a fraudulent site, and any information you submit will be captured by someone hoping to steal your money or identity. Using this information, the scammer may defraud you or even commit crimes in your name. Unfortunately, phishing has been a lucrative business. Approximately 1.2 million people fell prey to phishing scams within the past year, and the financial impact to victims totaled nearly $1 billion as a result (Source: Federal Trade Commission). However, there are steps you can take to protect yourself from phishing.

  • Be wary of any e-mail that asks you for personally sensitive information such as credit card numbers, your SSN, bank account, password, etc. Legitimate companies go out of their way to tell you that they will not ask for this sort of information through such an insecure channel as e-mail.
  • Don't click on links within a suspicious e-mail, and don't respond to the sender.
  • Report and forward any suspicious e-mail to the organization the e-mail claims to represent.
  • Avoid submitting sensitive information through unsecured or suspicious Web sites.
  • Review your financial statements regularly for potential fraud.

If you suspect that you've been a victim, you may file a complaint with the Federal Trade Commission (FTC). The FTC has a number of resources to help you learn more about identity fraud schemes such as phishing. Visit www.consumer.gov/idtheft for more information. As a rule of thumb, however, never send anything through e-mail that you wouldn't want posted on a billboard somewhere. Always be sensitive about sending sensitive information in e-mail.