Save Money

  PrePaid Cell Phones

  Houses

  Cars

  Internet Scams

  Investing

  Your Own Business

  PayDay Loans

In the cyber-world phising (also known as carding and spoofing) is a form of illegal activity whereby fraudulently sensitive information is acquired, such as passwords and credit card details, by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or IM.

Identifing Phising Attempts

• If an e-mail addresses a user in a generic fashion ("Dear valued eBay member") it is likely to be an attempt at phising.
• The appearance of links in the message- e.g the link http://www.google.com@members.thinkbank.com/ may deceive a casual observer into believing that the link will open a page on www.google.com, whereas the link actually directs the browser to a page on members.thinkbank.com.
• Misspelled URLs or the use of subdomains are other common tricks used by phishers ,e.g URL, http://www.namebank.com.example.com
• Cross site scripting- In this attack method users may receive a message saying that they have to "verify" their account, by following a link to what appears to be an authentic website; in reality, the link is forged, although it is very difficult to spot that the link is manipulated to perpetrate this attack.
• Internationalised domain names in web browsers might allow visually identical web addresses to lead to different, possibly malicious, websites
  
  
  

  I think I gave my bank account or credit card information to a phisher!

  If you suspect you might have entered any financial information at a phishing site, contact your financial institution immediately! Change your password as soon as possible before a phisher can lock you out of your account. You might also want to follow the advice from the Federal Trade Commission (FTC) for identity theft victims.

  Quick Facts

  Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims. To avoid getting hooked:

  • Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message. Don't cut and paste a link from the message into your Web browser — phishers can make links look like they go one place, but that actually send you to a different site.
  • Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
  • Don't email personal or financial information.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
  • Forward phishing emails to spam@uce.gov – and to the company, bank, or organization impersonated in the phishing email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
  • If you've been scammed, visit the Federal Trade Commission's Identity Theft website at ftc.gov/idtheft.