SPAM / Phishing
LOOK-ALIKE SPAM MAIL KEEPS SURFACING:
DON'T FALL VICTIM TO IDENTITY THIEVES
Consumers should be on the alert for official-looking emails that are actually spam mail sent by sophisticated identify thieves trying to trick you out of personal information that can be used to drain your bank account, fraudulently get credit cards and commit other crimes.
Don't be fooled! The scam is commonly called "brand spoofing" or "phishing" because the spam mail sent uses familiar or legitimate-sounding names of companies to trick consumers into disclosing confidential personal information. The email may use all or part of a legitimate company's name, and the hyperlink may closely resemble its website, complete with company logo and color schemes that make it look like close to the real thing. For instance, the Earthlink.net spoof used a URL like www.earthlinkservice.com.
“Identity theft is one of the fastest-growing crimes of our times, and the perpetrators net many of their victims on these high-tech phishing expeditions,” notes the Attorney General. “I know Californians are flooded with this particularly harmful spam because my office’s email boxes have been inundated with hundreds of them. To avoid trouble, consumers should be on the alert and delete unsolicited emails.”
Some 2.2 million people every year have their IDs stolen through phishing schemes, according to some published reports. The Gartner Group consulting firm estimated that in 2005 phishing cost consumers nationwide roughly $1 billion.
Small and large companies have been spoofed, such as PayPal, Bank of America, Best Buy and First Union Bank. The emails received look like they may be coming from the company with whom you do business and even use a URL that looks like the real thing but it's not.
One of the latest, ongoing phishing scams targets Chase Bank customers. The phony emails, many of which list their address as firstname.lastname@example.org, tempt recipients with the promise of a $20 or $100 credit on their accounts if they simply complete an online survey. The survey requires recipients to provide such ID theft material as PIN number, Social Security number, credit card number and mother’s maiden name.
Other Chase Bank-related phishing scams try to steal personal information by telling recipients such falsehoods as: unauthorized third parties have accessed their accounts; Chase needs to confirm personal data because the bank is implementing a software upgrade; services will be terminated unless renewed immediately; and Chase is launching a new security system because of fraudulent activity on members’ accounts.
Chase does not send customers emails that require the recipients to provide confidential personal information in a response. Additionally, the bank provides customers information about phishing schemes and how to avoid them on its website at www.chase.com .
According to security experts, these types of computer attacks are on the rise because scammers are taking up the tactics, tools and techniques of virus writers and spammers. These scams often are difficult to detect because they can come from anywhere in the world and shut down quickly. Report suspected cases at the federal Internet Fraud Complaint Center.
Be wary if you receive emails that contain:
- Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member" or "Dear AT&T Member".
- A false sense of urgency. Many spoof emails try to trick you into acting quickly by warning that failure to comply will result in your account being terminated, suspended or charged a penalty.
For example, AT&T customers were spammed with the following fake notice soliciting credit card account information: "We recently attempted to charge you for your cycle use plan and your credit card issuer denied payment to our billing systems. This usually occurs when billing information is out of date or billing address is false. If your account information is not updated within next 48 hours, we will be forced to terminate your account. Thank you for cooperation towards this urgent matter."
- Fake web links. Don't click on the link contained in the suspicious email. By clicking on the link, you could be opening your computer to viruses or hidden installation of "key logging" devices that can record everything you type, including user passwords and account information, and have the data sent automatically to the identity thief or be harvested later.
- Don't trust an unsolicited email. Instead, contact the business by telephone or reach the company's genuine website by typing in the company's URL address into your browser.
While the Attorney General is exploring ways to combat identity theft by working with companies that appear to be the biggest targets of phishing emails, tracking down the scam artists remains a difficult task. Much of the illegal spam comes from outside the United States, such as from Eastern Europe and Asia.