On-line fraud is a huge problem - especially for small businesses and consumers - and the losses generated are soaring. The Annual CyberSource Fraud Survey estimates that online scammers bilked their victims out of some $2.6 billion in 2004, an increase of more than 50 percent over 2003. Businesses believe these scams will be an even bigger problem this year.
If you pay bills online, manage your finances, or buy goods or services over the Internet, be extremely cautious, and - most importantly - never respond to emails requesting personal details (account numbers, passwords, address information, etc. etc.). If you havenít already, it is probably only a matter of time before you are contacted via email by a sophisticated scammer running a phishing scheme. Phishing is short for "password harvesting fishing" and it is a particularly insidious form of online fraud. It is designed to trick you into providing a scam artist with sufficient personal details to enable them to steal your money and/or your identity.
Unlike other online spam and fraudulent offers, phishing emails look authentic. The stakes are high for phishers, and the scam artists behind these efforts are ambitious, highly motivated and sophisticated. They often pose as some of the Internetís biggest and best-known names - including Ebay. Their email messages look "right" - just like the real thing. Their requests are professionally written and have all the right corporate graphic elements. Though their methods are highly evolved, their goal is simple - to get your password or account number and steal your money.
Hereís a short list of phishing "red flags":
- A company contacts you via email and asks for verification or submission of personal data. No reputable business would ask for this type of information in an email.
- The email is an urgent request. It may say your account is about to be suspended or that the companyís site has crashed and your account details have been lost. The phisherís email will either contain forms for you to fill in or an embedded link to take you to site where you can fill in the personal information "needed".
- Pay attention if the URL (uniform resource locator) doesnít look quite right. A common scammer trick is to try and make you think you are visiting a particular business site by "hijacking" the name of a legitimate website address.
- Check the actual domain name. Whatever comes right before the domain extension (the bit before the ".com") is the actual domain site. In this way, http://www.authentic_shop.com gets you to the content on a website for the retail firm called Authentic Shop. However, http://www.authentic_shop.scam.com will get you to the scam website.
- Also check the domain extension. If you are visiting a legitimate commercial business website, it usually will end in ".com" not ".org" (used by organizations, non-profits, etc.) or ".edu" (used for schools and other learning institutions).
- Secure sites requiring a password (where it is safe to conduct transactions) have "https" in the URL and a padlock icon (usually lower right). If you donít see these, you are probably visiting a scammerís site.
- Be cautious about the links you receive in seemingly "urgent" emails. Some phishing scammers use links that appear to connect to a legitimate site but actually connect with the scammerís own site. You can spot this type of "link masking" by letting your mouse pointer hover over the link long enough for the actual link address to pop-up. Many phishing sites use IP (Internet Protocol) addresses, which are a series of numbers rather than a name. If something like 126.96.36.199, instead of a name, pops up next to the link, donít tempt fate.
- Err on the side of caution; avoid all dubious links and type in the URL addresses you know are correct. Yes - it takes a little longer than clicking but keyboarding means youíre in control of what site youíre visiting.
Scammers continue to be crafty and creative in their efforts to pilfer your hard earned cash. Be cautious, read domain names carefully and donít be caught off balance by "urgent" email requests. Finally donít give out passwords or other important personal data in emails.