Beware of Phishing

We live in the land of 10,000 lakes, but not all fishing in Minnesota involves walleye or northern pike. Attorney General Lori Swanson warns consumers to be on guard against fraudulent operators “phishing” (not “fishing”) for consumers’ personal information.

According to the FBI’s Internet Crime Complaint Center, in 2006 Internet fraud reached an all-time high, costing victims $198.4 million, with phishing being the top form of internet fraud. Increasingly, fraudulent operators are using throw-away e-mail accounts and other advancements in technology to avoid detection and steal consumers’ information, identity, and money.

Phishing generally occurs when fraudulent operators send e-mail impersonating financial institutions, government entities, internet service providers, national chain retailers, internet auction companies, or other companies, requesting that consumers “verify” their personal information. Scam artists then use this information to commit identity theft. Phishing can also occur over the phone, through text messaging, through phony or hijacked websites, or social networking sites.

E-mail Phishing.

In the most common variation of phishing, fraudulent operators contact a consumer through an e-mail that appears to originate from a company that the consumer does business with such as a bank, online auction company, or retailer. The fraudulent e-mail asks the consumer to disclose their credit card number, ATM PIN number, Social Security number, or other personal information. Often, the message will indicate that the consumer’s account has been frozen or their security has been jeopardized and urges the consumer to act immediately. Scam artists use fear and urgency to pressure consumers to act rashly in disclosing information that they otherwise would not share. The consumer’s information is then used to commit the crime of identity theft by withdrawing money from the consumer’s accounts, or obtaining credit in his/her name.

Phishing scams may be particularly hard to spot, since the e-mails frequently use an official-looking appearance. Phishing scam e-mails frequently copy the logo of the company they are impersonating in an effort to trick consumers. Such e-mails often include a link to a fraudulent website.

Website Phishing.

Fraudulent operators create fake websites designed to look identical to the website of a well-known company. Scam artists then use sophisticated tactics to cloak the Universal Resource Locator (“URL”) of their fake websites. The URL is the address of the webpage that appears at the top of most internet browsers. Although the false URL may indicate the page belongs to a particular company, it actually belongs to a scam artist. Such tactics are designed to trick a consumer into believing that he/she is dealing with an entity that he/she trusts.

Scam artists may also hijack legitimate websites in order to re-direct the consumer to their own fraudulent website (sometimes called “pharming”).

Fraudulent operators may also use “spyware” software to track the websites that a consumer accesses from his/her computer. Fraudulent operators use a consumer’s web history to create “pop-up” windows, which appear on the screen when a consumer accesses the website of a given company. The “pop-up” message then asks the consumer to “verify” their personal information. Consumers may believe that the “pop-up” window is associated with the company’s website and agree to disclose their information to the fraudulent operators. Consumers may inadvertently download spyware to their system by clicking on a link on a fraudulent website that they believe to be legitimate.

Fraudulent operators also set up fake websites within social networking websites, in order to “phish” for consumer’s private information. Since some of these websites cater to young consumers, they may be especially vulnerable to phishing.

Phony Government E-mail Phishing.

According to an alert released by the Federal Trade Commission (“FTC”), some consumers have fallen victim to e-mail requests asking them to disclose their financial information to the “federal government” in accordance with federal law. The Internal Revenue Service (“IRS”) and the Federal Deposit Insurance Corporation (“FDIC”) have put out similar alerts. In fact, there is no federal law requiring consumers to register such information with the federal government, and the senders of these e-mails are actually fraudulent operators phishing for information to commit identity theft.

“Vishing” and “Smishing”.

“Vishing” and “smishing” are variations of phishing that may be executed through the telephone or SMS (“short message service”). In a typical vishing scam, a consumer may receive an e-mail indicating that the of their account has been breached. The message may simultaneously warn the consumer about e-mail phishing scams and therefore request that the consumer contact a telephone number listed within the message. The phone number will redirect the consumer to a boiler room fraud operation where they will be asked to disclose their personal information, which will undoubtedly be used to commit identity theft. Vishing can also include traditional telemarketing fraud where a scam operator cold-calls a consumer and uses some pretext to request that they disclose their private information. In the case of smishing, a consumer receives similar communication through a text message, SMS, or hand held computer.

The Attorney General’s Office provides the following tips to avoid phishing scams:

Report internet fraud to the Federal Bureau of Investigation’s Internet Crime Complaint Center online at: www.Ic3.gov/  (External Link) and contact the following agencies:

Federal Bureau of Investigation
Minneapolis Office

111 Washington Avenue South, Suite 1100
Minneapolis, MN 55401
763-569-8000
www.fbi.gov  (External Link)

Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue NW
Washington, D.C. 20580
Toll free: 1-877-382-4357
www.consumer.ftc.gov  (External Link)

United States Secret Service
Minnesota Electronic Crimes Task Force

300 South Fourth Street
Minneapolis, MN 55415
(612) 348-1800
www.secretservice.gov/ectf.shtml  (External Link)

Related Posts:

Guarding Your Privacy

Identity theft is on the rise nationwide and is helped along by lenders and creditors who are willing to grant thousands of dollars in credit in mere minutes with little or no proof of identity. This booklet will help you guard your privacy, protect your personal information and avoid identity fraud.

Test Message Phishing - or "Smishing" - Scams

Text message or SMS phishing - also called "smishing" - occurs when scam artists use deceptive text messages to lure consumers into providing their personal or financial information by posing as a government agency, bank, or other company to lend legitimacy to their claims.

Voice Phishing - or "Vishing" - Calls

In voice phishing - or "vishing" scams, callers impersonate legitimate companies to steal money and personal and financial information. And these scams are on the rise.