:: Cyber Security for Seniors ::
Guelph Wellington
Seniors Association

Take Advantage of Your Seniority!

HOMERESOURCESGWSA SOS BLOGS NEWS FRAUD ALERT FAQ CONTACT US

CautionPhishing

"I keep getting warnings and alerts from Paypal, eBay, my bank, and various other banks and financial institutions that I don't even have accounts with, all telling me to log in and verify my account information. I've read about something called phishing and am wondering if that's what these messages actually are?"

You're right to be suspicious! These are indeed what us industry folk call phishing (pronounced like fishing). They are email messages sent by online criminals, purporting to be from legitimate sites, but they're trying to trick you into clicking into clones of the real site. Their purpose is to get you to visit the rogue site, then get you to enter your login and personal data, so they can commit fraud and identity theft.

Clever Chase Bank Customer Survey Phishing Scam

The Chase Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account - Just for your time!

It goes on to describe how it only takes two minutes, your answers will help them yada yada, etc. It's well done and looks authentic. Of course, the spam doesn't really take you to the Chase Bank website. Instead, it takes you to a scammer's site in China.

The webpage itself and the initial questions they ask look quite authentic. The catch, of course, is that they say that in order to credit your $50 reward, they want your Chase User ID and password, as well as your Chase credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother's maiden name and email.

However, the ploy of using a $50 reward for a customer service survey can be an effective phishing lure.

What to do:
Never click on links from spam emails. Absolutely never enter your private information into a website from an email with a link -- whether it's to check your account info, resolve a fraudulent order, respond to a customer service survey, etc.

Phishing Scams Now Use Phones Instead of Fake Websites

In a new twist, identity thieves are sending spam that warns victims that their bank account or PayPal accounts were supposedly compromised.

Nothing new so far.

However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number."

The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the bank or PayPal is made. You can see a sample scam email message (and hear an example of one of these scam voice messages by clicking on the Recording Link at the Websense Security Lab site) here:

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534

What to do:
Never call a number you receive from a spam email, and certainly don't enter in any private information if you make a mistake and do call. If you want to call your bank, use the normal phone number you regularly use, not the phone number you get in an email.

You can read more about this scam here:

http://www.eweek.com/article2/0,1895,1985966,00.asp

Very Clever Citibank Phishing Scam

Another interesting phishing scam, this time supposedly from Citibank's Citibusiness service, warns that someone tried to log into your account and you must now "confirm" your account info.

Again, that's hardly new. The phishing spam takes you to a very convincing replica of the Citibusiness login page, including a long web address that looks like it ends with Citibank.com, but in fact goes to a website in Russia.

The login page asks for your user name, password, and a token-generated key that Citibusiness customers are used to. The phishing site passes the info to the real Citibusiness site, so if you intentionally put in bogus info, you'll get the real error messages from Citibusiness. It's very cleverly done.

What to do:
Again, don't click on links in spam emails to "confirm" your account info. If you have a question, use your browser and directly type in the web address of your bank, etc.

Disclaimer:
"This site contains links to other Internet sites. These links are not endorsements of any products or services on such sites, and no information in such site has been endorsed or approved by this site."

             

"This project has been made possible by a grant from the Ministry of Community Safety and Correctional Services"



© 2008 Guelph Wellington Seniors Association - Design by Ken Russell & Associates
Design downloaded from Free Templates - your source for free web templates