Maybe you have received an e-mail from Nigeria, as I have, seeking your help in the transfer of large sums of money. Perhaps at one time or another, someone posing as “your bank” has asked for your social security number. There’s even an eBay scam in which the perpetrator uses social engineering to fool victims into giving away their user ID and password.
These are but three of the current “phishing” scams that hook thousands of Internet surfers each year. Phishing schemes use spoofed (faked) e-mail addresses to lead consumers into divulging sensitive financial or personal data.
A year ago, I received several phishing e-mails from a supposed lawyer in Nigeria, requesting that I help him transfer foreign monies from an estate into U.S. currency. He offered to wire me half of the funds, and all I’d have to do would be to give him my bank account number (into which he’d agree to transfer the money). These “dot con-artists,” if you will, usually offer substantial amounts, often in the millions, merely to obtain your banking information (routing number, bank account number, etc.). In this case, I obviously recognized it for the scam it was — it just didn’t make sense for someone I didn’t know to contact me from a foreign country and offer me free money.
A good rule of thumb: if it sounds “fishy,” then it is most likely “phishing” — and keep in mind that there has been a recent surge in the frequency of these attacks. Say, for example, that a similar hokey e-mail is sent to 50,000 people. If just one percent of them reply, that’s 500 potential victims! And let’s assume that half of these can be duped into divulging their banking information. Then, with very little effort, these internet shysters can walk away with hundreds of thousands of dollars from victims’ bank accounts.
This level of sophistication in social and technical engineering skills is very dangerous in the hands of these “scammer spammers” —
Here are some basic tips to help keep your information safe:
· Consult a professional if you are unable to determine whether a website is safe for conducting business transactions;
· Always keep antivirus and firewall programs up-to-date (a good free antivirus program for personal use can be downloaded at http://www.FowlerIT.com);
· Never give out your username and password, credit card number or other financial information over the phone or by e-mail to anyone you do not know;
· Be cautious about opening attachments, pop-up ads, and file downloads, especially from e-mails.
Data phishing is on the rise and now accounts for 90% of new spoof attacks reported in the United States. Remember — if someone contacts you offering a chance to quickly make large sums of money, with seemingly no risk — they are most likely a phisher or an internet predator of similar ilk. Ask yourself this question: “Does it sound too good to be true?” If so, then — more often than not — it is.
Shane Fowler is the manager and senior technical consultant of Fowler Computer, based in Hampton, New Hampshire. Fowler Computer can be reached at their website (www.fowlercomputer.com) or by phone – (603) 978-3161.
Posted By: Shane Fowler