Phishing: The Latest Online Scam

Identity theft is the fastest growing crime in the nation. Almost 10 million people had their identities stolen in 2003. Even babies and children are having their identities hijacked.

Thieves have realized that their crime can go undetected for a long time if they choose very old or very young victims because these people are not regularly getting or checking credit reports or credit card and other financial statements.

Few parents are going to assume that their newborn is a potential target for identity theft; the crime may not be discovered until the child applies for student loans or a first credit card.

"Dumpster diving" - thieves going through the trash and pulling out documents that contained personal information - is still a risk, but identity thieves have become more sophisticated. Online "phishing" is the new weapon in thieves' arsenals.

Phishing means sending cleverly created e-mails to large volumes of e-mail addresses, designed to fool recipients to reply with personal financial data, account numbers, user names and passwords.

According to the Anti-Phishing Working Group, phishers are able to get up to five percent of recipients to respond to them.

They do so using cleverly designed e-mails and Web sites that contain messages that appear to be from large and familiar businesses requesting that a consumer reply with personal data about their existing accounts.

Phishers' e-mails notify consumers about bogus "changes to accounts" and "request to reply to protect your account from cyber scams." When replying to the e-mails, consumers are led to official looking, but bogus, Web sites, where logins to the sites are requested.

According to the APWG, recent phishing scams were aimed at customers of eBay, Wells Fargo, Citibank, SunTrust and EarthLink.

The scary thing about phishing is that the e-mails look really legitimate. A recent e-mail to Citibank customers said the company was updating its online security.

Readers were warned that if they did not resubmit their personal information, they would no longer be able to utilize the company's online services.

Citibank and other financial services have their names hijacked most often.

The Anti-Phishing Working Group lists on its Web site the latest scams. Keep in mind that in all of these are scams - the e-mails are not actually from the companies they say they are from. They include:

  • Earthlink and MSN- This e-mail says your billing information is out of date and your membership will be cancelled if you don't update your info immediately.
  • eBay - This e-mail claims to have discovered that your account has been "compromised by outside parties" and that you won't be able to utilize your account until you update your information.

    Part of the fake eBay e-mail reads:

    "We have noticed some activities pertaining to your account indicating that other parties may have had access and/or control of information in your account. These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account, verify your identity by clicking here."

    These scammers try to scare you into giving up your information. And they make it seem as if the e-mail sender has your best interest in mind.

    The Anti-Phishing Working Group says these phishing expeditions are successful about five percent of the time.

    There is one simple way to make sure you don't become a victim of these scammers: Don't respond to any e-mail that requires you to provide a social security number, credit card number, bank routing number or other personal info. If you think the e-mail actually may be valid, contact the institution directly.

    While you can prevent falling victim to these online scams, it is almost impossible to prevent all identity theft these days.

    All too often, the theft of personal records is an inside job where employees in a business with access to customer data are tempted to steal large volumes of customer's records.

    The temptation can be real: Stolen personal data can fetch anywhere from $10 to as much as $60 per record or credit report. The crooks that purchase these records turn them into profits by using the personal information to obtain loans and open credit cards, which are used to purchase large quantities of goods, which are then fenced for cash.

    These inside jobs are getting harder to prevent, as outsourcing call center service jobs overseas puts Americans personal information abroad, where it can be used fraudulently. The F.B.I. reports that increasing numbers of ID theft schemes started abroad are spreading in the United States.

    Just as there are new methods of stealing your identity today, there are new services you can use to help protect yourself. Farmers Group, American International Group, Travelers, Chubb, Encompass and several credit card issuers now offer identity theft insurance. This costs about $25 to $50 a year, and it is not worth the expense, according to Consumer Reports.

    However, there are other products available that you may want to check out, particularly if you've been a victim in the past. For example, the McAfee Privacy Service software ($34.99 per year) includes special protections on personal computers warning users before they send their PINs and passwords over the Internet.

    Other services, such as the myFICO Identity Theft Security ($19.95 per year) includes a service that monitors a subscriber's credit reports, sending e-mails when suspicious changes occurs, and also includes identity theft insurance protection.

    The single best defense against identity theft is reviewing your credit reports frequently. If you discover that your ID has been stolen, take the following steps:

  • Call credit bureaus
  • Close fraudulently-opened accounts
  • File a police report
  • Call the Fedferal Trade Commission ID Theft Hotline (877-ID THEFT / 438-4338)
  • Alert all other financial accounts