GONE PHISHING! - BEWARE 'ACCOUNT UPDATE' EMAILS

Phishing (pronounced 'fishing') is a breed of internet-based fraud and identity theft, and can be so convincing that many times people don't even realize what has happened to them until their bank account is empty, or their house is about to be reposessed.

It all begins with an email, from an apparently trusted source, such as a national bank or other large, well-known institution such as Ebay or PayPal.

This email tells you that your account information is out of date and you need to update it, usually under the guise of protecting your security. Another tactic is to inform you that there has been a security breech, which was prevented by their security system, but that you need to update your login and password.

These emails can take many forms. The first ones were Internet versions of some old real-world scams, claiming that either some obscure relative, usually in another country, had recently died, or a foreign diplomat fleeing an evil dictatorship needs you to look after his fortune. Both promised that riches would be wired to your bank account when you send the information.

More recently, there have even been some very daring emails telling you that someone tried to get into your account, and that the security company needs you to fax your account information to assist in an investigation.

Even though this may appear just plain stupid, with so many disposable communications devices, such as pay-as-you-go cellphones, it is very hard to catch someone in the act. Also, people somehow feel safer with a fax than a web site or email.

Recent phishing emails are very sophisticated, and are backed up by convincing web sites. These are usually copies of the real sites, and the links even work.

According to the Anti-Phishing Working Group, in August 2005 there were 5,259 of these phishing sites on the Internet. Once the victim has been tricked into either updating their details, or just logging in, the scam is complete.

The fraudsters behind the email now have enough information about the victim to transfer funds to a temporary account in another country, write counterfeit checks, or even take out a loan somewhere, using their bank / credit status.

Worse, they could also open an account, and then use that to 'launder' funds from other victim's banks or register the next phishing web site.

Many people ask, 'How do they know I have an account there?'
Quite simply, they don't. There are so many people in the world who have accounts with large institutions that these emails, sent at random, are bound to come across enough people to make the scam worthwhile.

If you're wondering how people can get away with such things, they are almost always in distant countries, such as Asia and Africa. They also run the scam over a very short period, and are long gone before the local authorities can get to them. Also, by using their victims identities/credit cards, they become much harder to track.

How can you protect against this type of fraud? There are several ways.

Never click anything in an email which leads to you being asked for sensitive information, even if it does appear to come from a bank or institution you have an account with.

If you have any doubt that an email may be a scam, open your browser and login to your account that way. This type of con only works if you click the link.

Always look very carefully at the address bar in your browser if you have ever clicked such a link.

Even if your banks name IS in the address somewhere, if there is also an IP Address (4 sets of numbers seperated by periods) or a strange domain name, this is 99% certainly a fraud.

If you have recently received such an email, and did click the link and update any information, contact your bank immediately, and confirm that, if it was an email that required you to login, it was sent by them.