Rising scam uses e-mails as traps -- Internet Scams

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1, 2, [3], 4 ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 04:06:14 03/20/04 Sat
Author: Hell
Subject: Rising scam uses e-mails as traps

Rising scam uses e-mails as traps

RECIPIENTS YIELD PERSONAL DATA

By Deborah Lohse and Dan Lee

Mercury News

Joe Boone was annoyed with his bank Friday morning, when an e-mail arrived asking him to log onto his Wells Fargo account to read an ``Urgent Customer Alert.''

He called the bank instead. ``I said, `What's this about? I don't intend to respond to this e-mail.' '' Boone, the chief financial officer of Orion Logistics in Richmond, never gives out personal information on e-mails because of the potential for identity theft.

Turns out, his instinct was right.

The realistic-looking e-mail, sent to an unknown number of recipients in California and nationwide, was one of the increasingly sophisticated ``phishing'' scams sweeping the country. Scammers are phishing when they send out fraudulent e-mails hoping to induce recipients into giving out personal information, often by steering them to a fake Web site.

Phishing attacks soared 60 percent last month, with 282 different attacks worldwide in February compared with 176 in January, according to a monthly report released Friday by an industry organization, the Anti-Phishing Working Group. Like e-mail spam, each phishing attack can be mass-mailed to thousands or even millions of people.

The term ``phishing'' refers to fishing for victims on e-mail. The spelling was inspired by the name given an early form of hacking, ``phone phreaking,'' to get free long-distance telephone service.

Wells Fargo confirmed Friday that it has been the victim of two recent phishing attacks. Wendy Tazelaar, compliance manager for Wellsfargo.com, said the attacks were sent to an unknown number of randomly selected recipients, both Wells Fargo customers and non-Wells customers.

EBay a target

Banks aren't the only targets of phishing. According to the Anti-Phishing Working Group, San Jose online auction leader eBay was the most common single target of phishing in February, followed by Citibank and PayPal. Financial services was the most targeted industry.

Last month, 104 separate phishing attacks targeted eBay customers, up from 51 in January, according to the report. Hani Durzy, a spokesman for eBay, said eBay users can now download a ``tool bar'' from the eBay site that flashes red if a user opens a known spoofed site for eBay or online payment service PayPal. It flashes green on a safe site and gray on an unknown site.

``We believe that an educated customer base is the most potent weapon against phishing scams,'' said Durzy, who added that users can link to a security center from any eBay site.

In the Wells Fargo phish attack, Tazelaar said the scammers don't have Wells Fargo customer lists or other personal information. ``Our system has not been accessed,'' she said.

The e-mail Boone received appeared to open directly to Wells Fargo's log-in page, and invited recipients to log in to get an ``Urgent Customer Alert'' in Wells Fargo's internal e-mail system.

But if recipients had done so, they would have been sending their online user name -- which for many customers is their Social Security number -- and their passwords to the scammers.

``They could have taken money out of my account,'' said Boone.

Tazelaar said she doesn't think any customers have had money taken from their accounts, but if they did Wells Fargo would reimburse them in full.

ID theft is goal

Experts say it is rare for scammers to use information they score in phishing schemes to siphon bank accounts, perhaps because that would require an extra step of setting up a new account to receive the money.

Instead, phishers tend to use information to steal people's identities. The quickest and most desirable phishing prize is credit card numbers. ``The credit cards, that's where the pot of gold is for the bad guys,'' said Jim Van Dyke, founder and principal analyst of Javelin Strategy & Research, a Pleasanton research and consulting firm.

Many of the most effective schemes, security experts say, play on people's fear of being the victim of fraud. Many of these e-mails -- including the March 10 attack on Wells Fargo -- suggest there might be a problem with the recipient's account.

Banks are trying to prevent such disasters. Wells Fargo launched a fraud-prevention section Friday on its Web site.

The big message: Don't ever give out personal or financial information in response to an unsolicited e-mail. And don't click on what appear to be links from a trusted source, because those links can be faked.

``Wells Fargo would never request your confidential information in an e-mail or a pop-up ad,'' said Tazelaar.

Jonathan Pearl, a San Francisco finance professional, said he was puzzled when he got the latest e-mail, because it looked so real -- but he's not even a Wells Fargo customer. He said he wondered if maybe his wife had an account there he didn't know about.

``As much as I've read about phishing, it never occurred to me that that's what that was,'' he said.

[ Next Thread | Previous Thread | Next Message | Previous Message ]

[ Contact Forum Admin ]

Forum timezone: GMT-8
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums^(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.