Identity Theft Scams: Spoofing and Phishing
The FBI & Federal Trade Commission (FTC) are aggressively fighting the current battle of identity theft. As part of their strategy, they have issued a warning on how to avoid the manipulative tactics of those that are actively trying to attain your personal information. A few of these tactics to steal your identity include what is called "phishing" and "spoofing."
A recent FBI press release quotes Assistant Director of the agency's Cyber Division, Jana Monroe in saying, "Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet."
The FBI's Internet Fraud Complaint Center (IFCC) reports an increasing volume in filed complaints that involve customers giving their information to phony websites that mislead users into giving their personal information in hopes of receiving training in various fields that guarantee personal income in the thousands of dollars per week. Assistant Director Monroe stated that these types of scams are big contributers to the rise in identity theft & credit card fraud.
"Spoofing," or "phishing," frauds are when a user receives an e mail from a person or business entity in which they believe they can trust. This is not the case. Spoofing is when the person that sent the e mail is trying to get the end user to give them their personal information in hopes of committing credit card/bank fraud & other forms of identity theft.
"IP Spoofing" is when an intruder tries to gain unauthorized access to computers, which then allows the criminal the ability to send messages from your computer to another computer. This helps the intruder to look as though they are a trust source.
"Link alteration" is when the intruder closely identifies their site with another trusted site. This is done by simply inserting the hacker's address before the actual address in any e-mail, or page that has a request going back to the intended original site. An individual will usually receive an e mail that pushes them to "click here to update" their account information, whereon they are directed to a site that looks exactly like the site they were intending to go to. The person behind these Spoofs or Phishing scams then tries to have the end user follow through by submitting their personal information.
FBI Offers Tips on How to Protect Yourself
- If you come across an e mail that asks you for your social security #, credit card #, or any other personal information, you must take extreme caution and even call the company to ask why they have sent you this e mail.
- When updating your personal information, make sure that you are on a secure website. This is when the front of the address line starts with https:// and not http:// It's also a good idea to call the company you are updating your information with to make sure you get to the right website to update your information on.
- If a website looks different than what you are used to, check it out first before submitting any information. Again, it's never a bad idea to call a company's customer service line to ensure you update your information at the right place.
- Always report fraudulent or suspicious e-mail to your ISP.
- Be sure to look at the header address on the web site. Many legitimate sites usually display the business name followed by ".com," or ".org." Spoof sites tend to have long headers with the name of the business buried in the long verbiage of the header. It's not uncommon for the Spoof site to not have the company name in the header at all.
- If you've been victimized, immediately contact your local police or sheriff's department. A great idea is to file a complaint with the FBI's Internet Fraud Complaint Center at http://www.IFCCFBI.gov.