This website requires you to provide personal financial information to verify your account or even allegedly to protect you from the very type of fraud that you are about to become a victim of. One telltale flaw in phishing schemes is that although the website to which you link from the phony email appears to be legitimate, if you look closely at the web address, you will notice that it is not correct.
Unfortunately, many victims do not notice that the domain name does not match the site to which they have been directed. One early phishing expedition set up a phony America Online website. The conmen sent email messages to their victims claiming that there was a problem with their America Online accounts and, if they did not update their billing information, their AOL accounts would be canceled, causing a loss of Internet access.
The email message directed the victims to click on a hyperlink contained in the fraudulent email to reach the AOL Billing Center. The people who did this ended up at a website that looked amazingly like the real AOL website, but it was a phony. The unwary victims were then instructed to provide the credit card numbers for the cards they used to pay their AOL accounts.
They were also asked for a new credit card number to replace the one that was alleged to have resulted in the original problem with the billing. In one variation of this con, the scammer also asked for the customer’s name, mother’s maiden name, billing address, Social Security number, bank routing number, 2 and AOL screen names and passwords, a veritable mother load of potential identity theft information.
Another phishing expedition involves an email from your bank with information to help you avoid identity theft. It tells you that the bank can provide you with a special security system that will generate online codes with which you can conduct online business without the fear that your personal information will be compromised. The email goes on to tell you that all you need to do to register for this service is to click on the link contained in the email to direct you to the website to register for the security system. That is the carrot approach.
However, the same email also uses the stick approach and informs you that if you do not complete the application for the new security system, your online access to your bank account will be temporarily suspended for security reasons. The email looks quite authentic. I received such an email and might have even been tempted to respond to it had I actually been an account holder at the national bank that contacted me about my account.
Scammers send out waves of emails without knowing who is and who is not a customer of the particular bank. It’s a numbers game to them that at least some of the people who get the emails will indeed be customers of the bank and fall for the scam.
If you click on to the link to which the email directs you, you are also in danger of unwittingly downloading a Trojan horse keystrokelogging program without your being aware of it that can provide the scammer with passwords and other important information from your computer that can be used to defraud you.
Even worse, if you go to the website to which you are directed, you will find that you are asked, for identification purposes, to provide your user ID and password, which in turn gives the scammers all the information they need to empty your account at that bank.
TIP : You can install many kinds of antiphishing software on your
computer that will warn you if you are on a known phishing
site. A good one that is available free is Netcraft, which you can
download at www.toolbar.netcraft.com.
The truth is, your bank or Internet server will never contact you in this manner. If you get an email that purports to be a notice that an account of yours will be closed unless you reconfirm your billing information, do not follow the prompts to reply or click on any hyperlinks contained in the email. Instead, contact the real company at a telephone number that you already know to be accurate and inquire about your account.
Read More : Theft Identity via Phising
