Monday, November 30, 2009

Phishing...10 Scams to Watch Out for


Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. (Definition from Wikipedia)

I've done some research online and found the following ten phishing scams that you should try to avoid.

1. Google ViddyHo worm: If you use Google's instant messaging service, you may have already fallen victim to the ViddyHo worm. It tricks you by sending a fake message from a "contact" asking you to click on a link. The link directs you to the ViddyHo website, where you are asked for your Gmail login information, which is then used to hack into the account. The worm then sends the same fake message to all of your contacts, further spreading its reach.

2. Apple's MobileMe Service: When running correctly, the MobileMe service synchronizes e-mail, calendar and contact information for subscribers on their Apple products. Users have recently reported receiving e-mails stating that their subscription payments did not go through. The e-mail then asks the victim to follow a link where they can enter credit card information in order to make the supposedly missed payment. To avoid this scam, check your credit card statements before trusting any e-mail that says your payment didn't go through, and always check for a confirmation when possible.

3. Pop-up window phishing: This scam may get you when you are about to make a payment on a legitimate site. As the victim is viewing the legitimate site, a pop-up informs them their session has expired or timed out and they will need to re-enter their login information. This scam is a threat to all Web browsers and operating systems and requires no installation of malware. To protect yourself, make sure to never enter banking information into pop-up windows that appear while you're in the middle of an online banking or credit card session. If you get a pop-up window while you're in this situation, close out of your session, then log back in.

4. Phishing on Twitter: Victims of this scam receive direct messages from already hacked accounts asking them to follow a link. The link directs them to a page that looks exactly like Twitter's login page. After login info is entered, the scam spreads throughout that person's contacts. Watch out for direct messages with links included; one way to spot them is that they say "Check this out" or "Is this you". If there is a link, make sure the domain is Twitter.com and not something that just includes the word "twitter."

5. Vishing: This one is scary because it is a new form of phishing that targets your cell phone rather than your computer. Vishing manipulates caller ID instead of links and web pages. You will receive a call from someone claiming to be a representative of a bank or credit card company. This fake representative will ask you to call another number, where you will need to enter personal information. This scam can also incorporate e-mail and text messages, where a victim may receive a similar message containing a phone number they'll need to call in order to enter account information. If you think a call or message may be a scam, call the number on your bank's official Web site instead, and you'll be fine.

6. Parking ticket scam: This has been dubbed the "most daring phishing scam to date": scam artists in North Dakota actually left fake parking tickets on cars. The faux tickets included a web address and instructed the recipients to download an application from the site to view a picture of their vehicle. The targets were actually downloading a Trojan application that monitors computer activity. Luckily, this scam is easily detected by most anti-virus software. This scam hasn't been reported outside of North Dakota, but you may want to be careful about downloading anything from a parking ticket.

7. The 419 letter: Named for the Nigerian penal code that addresses crime schemes, this scam shows up as an e-mail from someone looking to give money away in his or her final days. In exchange for your personal information, like bank account and routing numbers, the sender promises a large lump sum for your help. You never get the money, and the scammer has your info to create an alternate version of you with credit cards and bank accounts in another country. Sometimes the scammer will send official-looking documents to get you to pony up for shipping and documentation fees, making the whole thing look legitimate.

8. Airline tickets: Be on the lookout for any ticket messages from airlines. E-mail scams are currently going out saying that your credit card has been used to purchase a ticket contained in an attached Zip file. If you open the file, your computer will download malware that can be used to steal your personal information. Should you receive an e-mail like this, do not open any attachments, and report the spam to your e-mail host.

9. IRS tax refund scam: You get an e-mail stating you're getting a tax refund from the IRS. The sender address will look convincing; one already known is "tax-refunds@irs.gov". These e-mails provide a link to a special form you need to fill out to claim your refund. The form asks for personal and financial information. FYI: the IRS will never ask for personal info for a refund other than what you fill out when you claim your income to file your taxes. If you have questions about this scam or think you did not get the refund you deserved, contact the IRS directly at 1-800-829-1040.

10. Stimulus offers: Scammers are taking advantage of financial concerns during the ongoing economic crisis. In this case, victims are tempted with promises of stimulus money. The scammers send them to a convincing fake website and promise to pursue relief funds and expedited stimulus checks on their behalf for a small fee. The victims lose their initial investment and are then badgered for additional costs and fraudulent charges. If you have any questions or concerns about stimulus benefits, check with official government Web sites like Grants.gov or Recovery.gov.
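The domain check from item 4, as an added example that is not part of the original post: it compares the host a link really points to against the genuine domain, next to the naive "contains the word twitter" test that phishing links are built to pass. The function names and the `.example` links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as genuine.
TRUSTED_DOMAIN = "twitter.com"


def link_host(url):
    """Return the lowercased host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. a malformed bracketed host
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname drops any "user:pass@" prefix and the port.
    return parts.hostname.rstrip(".")


def is_trusted_link(url, trusted=TRUSTED_DOMAIN):
    """True only if the host is the trusted domain or one of its subdomains."""
    host = link_host(url)
    if host is None:
        return False
    return host == trusted or host.endswith("." + trusted)


def naive_check(url):
    """The mistake item 4 warns about: the word merely appears in the link."""
    return "twitter" in url.lower()


# Constructed sample links (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://twitter.com/login",                # genuine
    "https://mobile.twitter.com/session",       # genuine subdomain
    "http://twitter.com.login.example/",        # real domain is login.example
    "http://twitter-verify.example/login",      # word in a different domain
    "https://twitter.com@phish.example/login",  # "twitter.com" is only a username
    "http://phish.example/twitter.com/login",   # word only in the path
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{is_trusted_link(url)!s:5}  naive={naive_check(url)!s:5}  {url}")
```

Every sample passes the naive test, but only the first two pass the host comparison.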

If you know of other phishing scams that are worth mentioning, feel free to comment below.

Some of my information was found on switched.com
