Phishing: Prevent Yourself from the Fastest-growing Crime

"Victims (of phishing) are vulnerable regardless of education, age, gender, previous experience or hours of computer use" (San Diego Tribune, article "Fight vs. Phishing" by Onell Soto).

What is "Phishing"?

Phishing is a publicized method of personal identity theft. According to dictionary.com, phishing is defined "the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords". "Phishing" comes from the word "fishing", which means technique of catching fish. In this situation, you are the fish. And the lure is simply an email indicated that you just won a lotto draw, your bank need you to verify your account or a very interesting news. If you believe in these emails, you will lose your user ID, password, social security number or credit card information to phishers, identity thieves by phishing.

Phishing is a growing crime. It is happening not only in America but also all over the world. According to Anti-Phishing Working Group, in November 2005, there are 4630 phishing websites. However, in November 2006, this number grows to 37439 (about 710% of 4630). Also in 2006, there are about 3.5 million people in America gave their data to the phishers unexpectedly. Americans lost 2.8 billion dollars because of phishing. eBayer, people who trade through eBay, became big targets for phishers because they use their bank account or credit card very regularly.

How to Avoid "Phishing"?

Phishers create a website that looks similar to an official of a bank or an enterprise's site. Then they send you emails that lure you to use your bank account in their website. For example, I received an email tells me to verify my Paypal account. If I trusted in the email and used that email to log in my Paypal account, I would definitely send my password to phishers. Therefore, do not open any suspected email. Internet Explorer 7 and Firefox 2 have filter to prevent phishing. However, you should not rely too much on it. When you receive an email from a company that you are familiar with, to make sure you are not phished, do not click directly on any link provided in the email. For example, if you received an email said, "to check the status of your account, click here www.examplebank.com", you must open a new web browser and type the website domain in the address bar on your own to make sure that you go to your bank's site, not the fake site created by phishers.

Sometimes, phishers also try to get your data through phone. You should watch for unknown telephone call. Here is my experience. Several months ago, I received an email from amazon.com urged me to update my information. I was aware that could be a fake email and deleted it. A few days later, I received another email mentioned the same thing. The emails kept coming every three days, but I ignored all of them. After about a month, a person called me on my cell phone. He introduced himself as an agent from amazon.com and asked for my password very politely; so that he could help me to update to my account. He insisted one of my item listed in Amazon had been sold but there were some technical problem; I needed to update my data to receive money. I refused to give him any information. He responded amazon.com has no responsibility if my payment was lost and hung up the phone. That was definitely a phisher. When I checked my amazon account, I realized there was no need to update and none of my items was sold.

You must not pass your password or bank account number for anyone through phone. If not necessary, also do not pass your name and your address to any unknown call. You can check where the number is from by using Google (Typing the phone number as format ###-###-####). In my opinion, the best way is to call directly to your service and ask them if they truly need your information or not.

Spyware and virus are useful tool for phishers. They capture your information and send it secretly to the thieves. Therefore, you should keep your computer up to date with the latest anti-virus and anti-spyware software. However, the best way to prevent your computer from spyware or virus is do not go to untrusted websites (most of links in fraud emails contain spyware or virus).

One last tip, when entering sensitive information on the Internet, make sure that you are in a secure website provided by a trusted company. Secure website should begin with https://, not http:// like usual.

If you are phished, like a captured fish, you have very little chance to recover the loss. The thief can use your information and leave you a big amount of debt. Today, there are some companies help you to recover your stolen credit card numbers from the thieves. The law enforcement is trying to protect everybody from identity thief. However, you had better protect yourself first. I hope this article will help you to prevent yourself from phishing.