Top phishing sites
by Elizabeth Rogers,
Don't take the bait. Find out where and how scammers trick victims into giving out their information.
Your account has been blocked because of multiple log-in attempts. Your credit card is about to expire or has expired. We need your help to clear up fraudulent activity on your account. We couldn't process your transaction or deliver your shipment. Please confirm your password.
Can you spot a phishing attack when you see one? Some messages we laugh off, but others look a little too real -- and they're netting more victims.
If you're not familiar with the term, phishing is an apt metaphor for the crime. The bait: an email or instant message containing an urgent message, usually involving exciting or troublesome news and a request to provide information.
The hook: the legitimate-looking email links you to a legitimate-looking website or web form where you enter sensitive data which can later be sold and used to commit identity fraud.
What makes this crime tricky to spot is that the emails and websites can't easily be distinguished from legitimate organizations. That's because scammers can forge the look and feel of real websites and communications -- a process known as spoofing.
And the waters may be getting a little rougher, according to experts. With growing internet use, there are always more fish to catch and more places to catch them. Secure content management solutions provider Kaspersky Lab recently released it's list of top targets for phishing attacks worldwide.
Here are the top 10 places to watch out for predators:
PayPal
eBay
HSBC (an international banking company)
Facebook
Google
IRS
RAPIDSHARE (A German webhosting company)
Bank of America
UBI (United Bank of India)
Bradesco (One of the four leading banks in Brazil)
True, many Canadians don't deal with some of these organizations, but that doesn't mean we're safe. We might dismiss an email from the IRS letting us know our tax return can be deposited directly to our credit card (once we supply the information, of course), but it's the patterns -- not just the individual targets -- that are a concern. Other security sources like the Anti-Phishing Work Group (APWG) agree that certain sectors are risky, such as:
Payment services. According to the Kaspersky Lab report, PayPal was the target of more than half of all phishing attacks. PayPal isn't the only online payment service in the business, but it still garners most of the market share.
Banks and financial institutions: Worried about the safety of banking online? Spammers know it, and can use those concerns against you. Those "helpful" emails warning about a problem -- like a security issue or attempted hack on your account -- are bound to get a reaction. While Canadian banks are smaller than their international counterparts (we are a smaller market, after all), that doesn't make them any less of a target. Visit any bank website and you'll likely see phishing attack warning somewhere.
Online auctions and sales: There's a lot of money changing hands with online sales sites. In fact, eBay was the target of about 13 per cent of phishing attacks. Online auctions are risky for other types of fraud as well.
Social media: Surprised to see Facebook at #4? So were experts -- until they considered the growing popularity and membership of social media sites. With a membership over 400 million people -- who share a total of 25 billion pieces of content each month, according to company statistics -- Facebook is worth the time and trouble for tech-savvy scammers. Once they've got you on the hook, they can use your account to reel in your friends, family and coworkers.
Facebook certainly isn't the only social media site to grapple with phishing, viruses and malware. Other social networks have been targets too, including Twitter. (Yes, 140 characters is enough for a phishing message.)
Tips to avoid phishing scams
Phishing attacks have been around for a while, but they may be getting harder to spot as crooks learn new tricks. Here are some tips to protect yourself:
- Know how your organizations handle customer service. Companies know that emails aren't a secure way to handle their customers' information. Most of the time, your bank, retailer or other organization will call you if there is a problem with your account. (That's why they have your phone number on file, and security questions for verification.)
- Delete any suspicious emails right away. Don't even open them, especially if they're from an organization with whom you have no association -- like an international bank, government or lottery.
- Don't touch. If you do open the email, don't click on any links or download any attachments. You could be directed to a spoofed site, or have malware and viruses downloaded to your computer.
- Take the time to look closer. Crooks are counting on you to respond right away, and without looking too closely or asking any questions. Look carefully at the email -- are there errors in spelling and grammar? Do the links and email addresses have the same domain as the company? (Don't click to find out, but "hover" over the links in your browser to see if the URL is suspicious). Are you asked to submit information you wouldn't share with strangers?
- Avoid reacting on emotion. Scammers rely on scare tactics and sympathy for current events to get a reaction out of people. Scammers often take advantage of current issues to make their claims more convincing. For instance, if an organization is suffering from a technology issue, scammers might exploit the issue to send out phishing attacks asking users to verify their account information. (As happened to a Canadian financial organization in 2004.)
- Verify. Are you concerned the email is real and there really is a problem with your account? Ignore the contact information and links in the email and contact the company directly to find out if there's a problem. (Look up the phone number in the phone book, or look up the website yourself rather than clicking on a link.)
- Keep your information to yourself. When in doubt, don't share any of your information, even if it seems insignificant.
Be Safe!