Computer Malware and Phishing Schemes
“Phishing” is a scam where thieves attempt to steal personal or financial account information by sending deceptive electronic messages that “lure” unsuspecting consumers to malicious websites. The “bait” may be an e-mail, instant message, or pop-up window in which the sender impersonates a bank or other financial institution, government agency, internet service provider,or other company.
In the past, phishing scams typically directed consumers to a website address linked in the message to verify account-related information such as name, bank account number, password, credit card number, ATM PIN number, Social Security number, or home address.
New Bait, Same Scam
Just as fishing lures used to catch fish have grown more sophisticated, so have techniques used to perpetrate phishing. Increasingly, “phishing” e-mails do more than just impersonate a bank in the effort to steal consumers’ information. Thieves may send a spam e-mail message, instant message, or pop-up message that infects the consumer’s PC with spyware and gives control of it to the thief. A spam message may infect your computer when you click a link or picture in the spam message, or when you open an attachment to a spam message. If your PC is poorly secured, it may be infected as soon as you open the spam message itself.
Phishing messages are usually provocative. They may attempt to make you irritated, curious, or amused— anything to get you to open the e-mail, click the link, and silently infect your computer! Once your computer is infected, the malicious spyware can lurk there until it finds and sends to the thief your financial and personal information, such as bank account numbers, credit card numbers, or ATM PIN numbers. Infected PCs often become one in a “bot” network of compromised computers used by the scammer (or leased for use of other scammers) to send spam e-mail or to attack other internet-connected computers.
The Minnesota Attorney General’s Office warns Minnesota consumers and businesses to beware of malicious spam e-mails, instant messages, and pop-up windows designed to steal personal information.
What is Spyware?
Spyware is software that installs itself and sends information from your computer to others without your knowledge or consent. While some spyware programs merely track your web surfing habits in hopes of learning your product preferences for marketing purposes, spyware can also be used by technology-savvy criminals to steal personal and financial information. Modern thieves may use spyware programs, such as “key loggers,” system monitors, and trojans to send keystrokes or pictures of your computer’s monitor to the thieves in the hope of snagging account numbers, passwords, Social Security numbers, or other confidential information that can be used to steal from you or impersonate you in committing other scams.
Most Computers are Vulnerable
Studies have found that over 80 percent of home computers are compromised by spyware. It is estimated that more than one in ten PCs are infected with key loggers, screen monitors, and other malicious programs designed to steal private information and give control of your PC to scammers. Unless you are confident that your computer is secured against these hazards, you should not open spam e-mail or “click” on attachments, images, or links in email messages, instant messages, or pop-up messages.
The Minnesota Attorney General’s Office urges consumers not to open spam e-mail, or “click” on attachments, images, or links in e-mail messages, instant messages, and pop-up messages. Unless you have secured your personal computer, spyware can infect it. Instead, delete spam messages without opening them.
You should never click on links or pictures in spam messages, even to unsubscribe. If you never asked to subscribe to a particular organization’s messages, but receive a message from that organization, it is possible that a spammer is impersonating that organization, and that clicking on the link to “unsubscribe” may infect your computer. You are safest just deleting these messages without opening them. E-mail or instant messages from friends’ computers can be malicious if that computer has been successfully attacked and is sending spam. If you are not expecting a message with links, images, or attachments, it is safer to phone the sender to see if the message is genuine.
For more information on identity theft, or other consumer issues, contact the Minnesota Attorney General’s Office as follows:
Office of Minnesota Attorney General Lori Swanson
445 Minnesota Street, Suite 1400
St. Paul, MN 55101
TTY: (651) 297-7206
- Keep your computer updated. The operating systems of personal computers and the internet-connected software (like e-mail programs, web browsers, and music players) should be updated regularly with “critical” security patches.
- Install a firewall and antivirus software, and keep them up to date.
- Use antispyware programs. There are a variety of reputable anti-spyware products available for free or for a free trial period. Do your research before installing an anti-spyware program. There are many fake programs that may actually infect, rather than clean, your computer.
- Install “pop-up” blocking software. If your favorite browser does not have pop-up blocking features, you might also obtain a free pop-up blocking browser toolbar, which is available from some search engines.
- Make sure the security settings on your internet-connected applications are strong.
Instant messaging settings should prevent unknown persons from sending malicious content, and your search engine (such as Google or Yahoo) can be set such that you do not receive inappropriate or risky search results. E-mail may be adjusted to receive “text” only, and not “active” content or images, which can be malicious.
- Don’t download free software unless you know and trust the source of the software. Free games, toys, file-sharing applications, and other software can be appealing, but may be bundled with unwanted spyware. Read vendors’ privacy policies and end-user license agreements (EULAs) before downloading free software. If these are hard to understand or locate, think twice about installing that software.
Internet Safety: How to Protect Yourself Against Hackers
With the Internet continuing to grow, some criminals, known as hackers, illegally obtain usernames and passwords from websites, making those with an online account vulnerable. Hackers, generally located outside the United States, are difficult to stop because they use cutting edge technology to evade law enforcement and acquire large amounts of information, often undetected.
Scams Targeting Computer Owners
By some estimates, over 85 percent of Americans have a computer in their home. Many computer users do not have the technical know-how to fix their computers when they break or jam. Scammers—many from other countries—seek to exploit these facts.
What You Can Do About Junk Email
Spammers send up to 100 million junk emails a day. Spam emails are not only a nuisance but can damage your computer and allow an attacker access to your private and financial information.