Know About E-mail Phishing and Identity Theft

Phishing is a type of fraud aimed at stealing your identity or sensitive (usually financial) information, such as service account credentials, credit card numbers, passwords, social security numbers, etc. It does this by convincing you to provide the data by forging the information about the real recipient of your data. You may receive an e-mail that looks like it's been sent by your bank, but instead your reply will go to the cheater and your credit card number may be stolen and used without your knowledge.

Just think about it: "seventy percent of Internet users have never heard of phishing or are not sure that it refers to e-mail scams which try to trick users into divulging sensitive information"! Phishing emails look exactly like they're from legitimate banks or credit card issuers. It's no surprise that the lack of knowledge results in $500 million losses and numerous identity theft cases. Wikipedia points to even more terrible numbers: "between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately $929 million USD; U.S. businesses lose an estimated $2 billion USD a year as their clients become victims; the United Kingdom also suffers from the immense increase in phishing; in March 2005, the amount of money lost in the UK was approximately ??504 million GBP".

Here's a sample of typical phishing email:

Can you be sure that this e-mail is really from SouthTrust bank? The right answer is: no. This is a real phishing e-mail we found during the problem research. It was very carefully crafted, so usual methods advised to users for phishing evidences checks, were simply fooled.

There are various types of phishing scams, and almost all of them start with sending millions of e-mail messages to millions of e-mail addresses, and your address might be among those millions. Messages sent by a cheater may look like they came from your bank, or your credit card company or some online service you have been using for years. Such messages mimic all attributes of legit e-mails except they lead you to the wrong site and try to convince you to leave your data on this site.

But more dangerous is the fact that many phishing e-mails are aimed at corporate networks. What if your company faces an attack which was planned and aimed specially at your company?

Speaking of spam and phishing prevention systems, did you know that your spam filter which passes e-mails for PayPal or eBay will automatically pass e-mails which mimic legit e-mails from those services as well? And, as was mentioned above, anti-phishing networks intended to counteract widespread phishing attacks are almost useless when your company the only target of a fraud.

• How can Scam Sensor help?

• How can Scam Sensor help?
• How to detect a fraudulent e-mail message?