Phishing Scams
Phishing is the act of sending an email falsely claiming to be an established legitimate business in an attempt to scam the email recipient into surrendering private information that will be used for identity theft. The e-mail directs the recipient to visit a website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user’s information. Phishers send email "spam" to large groups of people, because even if only a few people read the email and act on it, the phishers have it made.
Not all phishing attacks require a fake website. In an incident in 2006, messages that claimed to be from a bank told users to dial a phone number regarding a problem with their bank account. Once the phone number was dialed, prompts told users to enter their account numbers and PIN. The number was provided by a Voice over IP provider.
Examples of Phishing
- In spring 2006, the Credit Union Association (CUNA) of Oregon's website page, www.creditunion.coop, was phished. Phishers created an exact replica of the CUNA's home page, except under the Fraud Alert section, it advised members that they needed to update their profile in order to protect their private information. The link provided was a bogus website to steal private information.
- In February 2006, the IRS issued a phishing alert regarding an Internet
scam in which consumers receive an e-mail informing them of a tax refund.
In this case, consumers received one of two emails:
- Email claiming to be from the IRS informing they were eligible to receive a tax refund for a given amount. The receiver was directed to a link that requested personal information such as social security number and credit card information.
- Email with the subject "Refund Notice" that claimed to provide information regarding the status of the receiver's IRS tax refunds. The email contained a link that mirrored the true IRS website, but asked the receiver to enter their first and last name, social security number or IRS Individual Taxpayer Identification Number, and credit card information.
- A PayPal phish was going on last year. The email received looked exactly like an email from PayPal. However, it contained spelling mistakes, lacked a personal greeting, and instead of the PayPal website, it listed an IP address in the link (a set of numbers such as 12.123.1234).
- In another phishing example, an email prompts members to fill out an online "survey" that asks for the name of their financial institution, passwords, email addresses, and other personal account information. In exchange, at least one version of the scam promises a retail gift card valued up to $500. The consumer will never receive the free gift card. The only thing they will get is a headache, because his/her identity will be stolen.
This style of identity theft is becoming more popular, because of the ease with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers, and mothers maiden names. Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name, ruin a victim's credit, or even prevent victims from accessing their own accounts.
KaiPerm NW will NEVER ask for you to reveal your account information via an email or by direction to a website.
What You Can Do
If you are ever in doubt of a request for information that you receive in an email, call the company directly to verify. Do not accept at face value any requests for personal information made to you via email.
Report all suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you have been a victim of a fraudulent scheme, file a complaint at www.ftc.gov, and visit the FTC's Identity Theft website (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from the identity theft.
