Saturday, February 23, 2008

Internet Fraud


Phishing

We continue to see increasing numbers of fraudulent e-mail messages trying to convince people to visit fraudulent web sites in order to steal their credit card numbers, bank account numbers, E-Bay, PayPal, banking, and AOL account passwords, and other sensitive data. Fraudulent messages pretending to be from local banks, such as SunTrust and BB&T, have also been seen. These scams, referred to as "phishing" attacks, use e-mail messages made to appear as though they come from banks and other businesses you may trust. The messages contain links leading to malicious web sites that duplicate the business' web sites in almost every detail and that ask for passwords, credit card numbers, and other sensitive information useful to criminals. It is very difficult to tell the difference between an official web site and one set up by criminals to mimic an official one, and the imitations are getting more sophisticated.

You can view real-life examples of these messages and the fake web sites at:
http://www.fraudwatchinternational.com/phishing/index.php
http://www.antiphishing.org/phishing_archive.html

The face value of a web link in e-mail, web sites, instant messages, and other locations cannot be trusted when making critical decisions such as whether to supply sensitive information or download software onto your computer. Displayed links are as useless and as easily forged or disguised as the return address on a post card or the FROM address on an e-mail message. It is best to avoid typing sensitive data (account numbers, passwords, credit card numbers, etc.) into unfamiliar web sites or those reached through links in unexpected or unusual e-mail messages. It is also prudent to avoid clicking links in such e-mail and instant messages, especially those that are blatant spam or phishing messages, as they sometimes lead to web sites that will infect visiting computers. For the same reason, it is also best to avoid downloading software from such web sites.
Use a known good web link and/or verify the message contents over a known good secondary channel (phone number, email address, etc.).

If you receive such a message, you may report it to authorities by forwarding the message, preferably with full mail headers, to spam@uce.gov and/or the owner of the site being forged (e.g. abuse@suntrust.com, abuse@ebay.com, or the address supported for this purpose by the organization).

A web site ( http://www.lookstoogoodtobetrue.com/ ) promoting Internet fraud awareness has been published with the cooperation of the FBI, U.S. Postal Service, and several other organizations.

Carnegie Mellon University has designed a game meant to improve your ability to identify fraudulent web sites. It can be accessed at http://cups.cs.cmu.edu/antiphishing_phil/ . Note that it requires the installation of Adobe Flash. Many people already have this installed. If you install it, it is important to check for security updates, as it can leave your computer vulnerable if not properly maintained.
http://www.adobe.com/support/security/bulletins/apsb07-12.html
http://www.adobe.com/support/security/bulletins/apsb06-11.html
http://www.adobe.com/devnet/security/security_zone/apsb06-03.html
http://www.adobe.com/devnet/security/security_zone/mpsb05-07.html

Identity Theft Help

If you typed sensitive information into one of these criminals' web sites, it is likely the information you provided will be, or already has been, sold or misused. To limit loss in such a case, review the recommendations at the following web sites after contacting the organization whose site was forged.

ID Theft Home ( U.S. Federal Trade Commission )
Identity Theft Victim's Guide ( Privacy Rights Clearinghouse )
Consumer Advice: What To Do If You've Given Out Your Personal Financial Information ( AntiPhishing.org )
Identity Theft Resources ( Privacy Rights Clearinghouse )
Identity Theft and Fraud ( U.S. Department of Justice )

In the past, it has been difficult for a person to freeze credit reporting on themselves. State laws mandating the ability of consumers to request such freezes were spotty ( notably absent in Virginia ) and the credit reporting agencies did not offer the service in states where laws mandated it. Luckily, the credit agencies seem to be responding and are beginning to offer the ability for anyone nationwide to freeze their credit reports ( see this article and this one ). This becomes a useful tool for preventing fraud and the spread of identity theft.

Additional phishing information:

What you should know about phishing identity-theft scams ( Microsoft Video )
Putting an End to Account Hijacking Identity Theft ( Federal Trade Commission PDF file )
Excerpt: "While precise statistics on the prevalence of account hijacking are difficult to obtain, recent studies indicate that unauthorized access to checking accounts is the fastest growing form of identity theft. The FTC has estimated that almost 2 million U.S. adult Internet users experienced this fraud during the 12 months ending April 2004."
Special Report on Phishing ( U.S. Department of Justice Criminal Division PDF file )
How Not to get hooked by a phishing scam ( U.S. Federal Trade Commission )

Can you tell the difference?

MailFrontier Quiz II
Washington Post Quiz

Phishing in the news:

Phishing is Big Business ( eWeek 03/07/2005 )
Phishing Feeds Internet Black Market ( Washington Post 11/18/2004 )
IT Tackles Phishing ( InfoWorld 1/24/05 )
Consumers deluged as fake e-mails multiply - Even experts say telling real mail from phish can be difficult ( MSNBC 01/21/2004 )
What happens to victims ( MSNBC 11/04/2003 )
Fake FBI Site ( MSNBC )

Other Internet Fraud:

419 or Nigerian fraud schemes where you are offered a percentage of a large amount of money for help transferring it.
United States Secret Service Alert
Information at the University of Pennsylvania
Nigeria cracking down on e-scams ( CNN 08/08/2005 )
Nigerian Scams Keep Evolving ( MSNBC 06/10/2005 )
You may forward such messages with full e-mail headers to 419.fcd@usss.treas.gov

View Monster.com's safe online job search tips for avoiding identity theft, criminal recruitment, and other threats associated with online job searches
Seduced into scams: Online lovers often duped ( MSNBC 07/29/2005 )
Officials: Beware of phantom stock regulators ( ZDNet 07/29/2005 )
Cybercrooks lure citizens into international crime ( USA TODAY 07/11/2005 )
Fake banks lure customers online ( MSNBC 03/03/2005 )
Auction sites being used to sell goods purchased with stolen credit cards ( MSNBC 06/08/2004 )
Scam: Postal Forwarding/Reshipping job aiding criminals ( MSNBC 12/17/2003 )
Beware of Fake Escrow Sites for Internet Financial Transactions ( MSNBC 12/04/2003 )
Online auction scams ( WashingtonPost.com 05/03/2003 )
Fraudulent offers of money from Nigeria and other countries for assistance in transferring funds. ( United States Secret Service. Forward received messages to the United States Secret Service at 419.fcd@usss.treas.gov . )
FBI Internet Fraud and Crime Complaint Center

Common Mistakes Affecting Our Privacy, Accounts, Computers, and Data

Trusting unknown programs
Failure to periodically patch defective desktop Windows software at the Windows update site
Failure to run and update anti-virus software
Treating a computer that accesses sensitive information as an entertainment device
Using the same passwords on multiple systems with different levels of sensitivity and risk factor
Failure to set passwords on Windows NT, 2000, and XP computers
Microsoft File Sharing configuration errors
Installing and operating Linux, Windows NT, and Windows 2000 servers without first fixing known defects
Failure to back up critical files
Poor password choices
Unsafe handling of passwords
Forgetting to log out of shared computers like those found in labs
Trusting unknown computers that may be running malicious software that records keystrokes
Failure to assure sufficient resources to maintain servers