9:55 am
Tue April 20, 2004

Phishing

A growing online danger.

Wilmington NC – [Click the Listen button to hear Wally's commentary.]

It usually starts with an email that shows up with an urgent and scary message telling you that your account might be closed or that some important personal data has been lost by an organization you do business with. It's called "phishing" with a "ph."

Hi, I'm Wally Bock and in this Postcard from the Digital Age we're going to talk about phishing. Despite the cute name, it's a very nasty thing indeed.

Phishing, as in phishing for information, is what happens when someone pretends to be an organization you do business with and tries to get you to share private or personal information. That could be social security numbers, account numbers, passwords and anything that the bad guy can use to steal your money or your identity.

Identity theft costs folks like you and me $60 billion a year and phishing is number one on the bad guy's hit parade as a way to get your information. Phishing isn't good for business, either.

When a phisher impersonates a bank and then cons bank customers out of their personal information, the bank pays to the tune of $100,000 to $150,000 per incident. That's just the money. The bank's reputation suffers, too.

Phishing began on AOL in the mid nineties, when AOL charged by the minute. It was pretty simple then and mostly used instant messages. Later phishing schemes used email, though, in the beginning, really awful language was a tip-off that the email wasn't legitimate.

Today, things are a lot more sophisticated. You might get an email that purports to be from your bank, complete with what looks like a valid email address. It says that something bad will happen to you if you don't respond. A link is provided to take you to a Web site where you can enter the information and set things right.

The Web site you wind up on may look a lot like your bank's site, but it's really a front that some criminal or criminal organization is using to collect sensitive personal and private information from unsuspecting account holders.

Those emails and the Web sites have been getting more sophisticated lately. And the number of new phishing messages is increasing by more than fifty percent a month.

So, phishing is a fact of life if you're on the Net. Here are five tips to help you deal with it and protect yourself and your information.

Tip number 1 - Expect phishing to increase. It's just too easy to do, too potentially lucrative, and too easy for the bad guys to avoid getting caught for anything else to happen.

Tip number 2 - Forget that stuff you've read about how to check the message headers or the Web link to determine if what you've got is a phishing message. The technology is a moving target and unless technology is your business, you simply won't be able to keep up.

Tip number 3 - Be skeptical. Be very, very skeptical of any email that is urgent or scary and asks you for personal or private information.

Tip number 4 - Remember that your financial institutions and other organizations you trust simply don't ask you via email to verify information, or to go to a Web site and tell them things they should already know. They don't use email to tell you they're going to close your account.

No, my friend, they use postal mail. Any email that is urgent or scary and asks you for personal and private information is probably a phishing expedition. You can probably ignore it.

Tip number 5 - If you have any doubt, check it out. Call or email the institution who supposedly sent you that scary email. Just be sure to use a phone number or email address that you've had in your files for a while. Make physical visit if that's convenient.

It's a sad situation, but there it is. Unless you want to be the phish hooked on some criminal's line, you're just going to have to watch out for yourself and avoid grabbing the bait.