Email etiquette, add-ons
for your computer, meet an iPod, and why Macs are becoming so popular
http://www.apple.com/
http://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore/
Posted on Thu, Nov. 04,
2004
Personal Computing
| Phishing season warning: Watch for ID-theft e-mails
By
Reid Goldsborough
For The Inquirer
Don't do it.
Don't click on links in any e-mail messages you receive that ask, or demand,
that you update credit card, bank, Social Security, or other financial
information or verify your password at eBay, PayPal, or other e-commerce Web
sites. If you do, in all likelihood you'll wind up spending many tedious hours
trying to recover your stolen identity.
You may have heard this all before, but many people still haven't. Identity
theft via bogus e-mail links, or "phishing," is escalating, with
criminals becoming ever more brazen and sophisticated in their online schemes
to trick people into revealing their personal information.
Warn anybody you know who uses a computer about this, particularly those who
may not be as savvy as you.
If you believe you've noticed an increase in these assaults lately, you're
right. The number of phishing attacks against e-mail users has been doubling
every two months, according to the Anti-Phishing Working Group.
People do get scammed. Phishing messages that appear to be sent by trusted
companies dupe 3 percent of the people who receive them, according to a survey
by Gartner Inc. Phishing cost U.S. banks and credit-card companies $1.2 billion
last year alone, costs that ultimately are passed on to you, the consumer.
The tricksters are getting trickier. The latest and most sophisticated scam
involves "context-aware" phishing, according to Markus Jakobsson, a
cybersecurity expert at Indiana University School of Informatics. The e-mail
message makes it seem that it must be legitimate because of the knowledge about
you or your work or personal relationships that it contains.
The e-mail might seem to come from your boss or a trusted colleague warning you
of a new Internet security threat involving your specific credit-card company
or bank and telling you to go to its Web site to change your password. Just to
be "helpful," the sender provides you with a link in the e-mail message.
But if you click on the link, you will be taken to a bogus Web site that looks
just like the legitimate Web site. You thus will not think twice about typing
in your login name and current password, thereby allowing the scammer to charge
your credit card or empty your bank account.
With these as well as more garden-variety phishing e-mails that appear to come
from the company itself, the most commonly named companies, in order, are
Citibank, eBay, U.S. Bank and PayPal, according to the Anti-Phishing Working
Group. But customers of other well-known companies are being targeted, too,
including AOL, Lloyd's, Fleet, Wells Fargo, Visa and Verizon.
"Legitimate businesses [like these] won't ask you to verify your financial
information in an e-mail message," said David Zumwalt, president and chief
executive officer of Privacy Inc., a Dallas company that makes software
designed to prevent individuals and companies from falling victim to phishing,
spam, and other forms of privacy intrusion. (A few legitimate companies may
still do this. They should stop.)
All this might make you want to toss your computer into the nearest toxic waste
dump and go back to writing letters with a quill pen. But it is easy to protect
yourself.
Never, repeat, never click on a link in an e-mail message that purports to take
you to a Web site where you store personal financial information.
If you want to update your credit-card, banking or similar information on the
Web, go to your Web browser. Type in the Web site's address yourself or use a
"Favorites" or "Bookmarks" link that you previously created
yourself.
Do not forget common sense. "Use the same safe behaviors you grew up
with," Zumwalt said. "You don't park in a dark corner of a parking
lot at night and come out flashing your wallet or swinging your purse."
On the Web
www.antiphishing.org
www.privacyinc.com
www.consumer.gov/idtheft
www.usdoj.gov/criminal/fraud/idtheft.html
www.idtheftcenter.org