Financial Education

Gone phishing: A bit of prevention, a byte of cure

Imagine you have served more than 20 years in the military, received numerous commendations, and have built up a level of trust with your peers. You have become everything you want to be—perhaps even a bit more—and met every challenge head on and with success.

Then, someone steals your identity. They use it for profit while leaving devastation in their wake. And they're doing it under your name. It's called "identity theft," and it happens every day to individuals throughout the military and civilian communities.

For companies, "phishing" is similar to identity theft. The difference is that a phishing scam doesn't seek to rip off a company, but instead uses the good reputation and name of a company to rip off consumers. These scams are dangerous and not always easy to identify, and even the most intelligent and cautious consumers can fall victim.

The way it works
Phishing is a way to get people to share vital information, usually financial in nature, and usually via e-mail. The trick is that the phisher uses a real logo, and the e-mail address appears as if it's from a legitimate and well-known company. eBay, PayPal, Amazon … all have had, and continue to have, their names used by phishers. Even the Better Business Bureau has had its brand stolen and used in phishing scams.

Why companies care
A company's "brand" is more than just its logo. It includes position in the market (McDonald's or Wal-Mart), reputation (Rolex or Ferrari), or how a name became the standard for everything else (Kleenex or Post-it Note). Many companies spend a great deal of time building their brands, and some brands are, in and of themselves, valued in the billions of dollars.

When someone takes that brand and uses it illegally, it tarnishes the brand's image and can decrease its value. It can also lead to higher prices for consumers due to legal action, tighter security for Web sites, or legitimate communications with customers to inform them of an ongoing scam.

Basically, phishing scams cost everyone money, not just their victims.

Protect yourself
The following are a few ways to protect yourself from phishing scams based upon recommendations from The Anti-Phishing Working Group (APWG), a group of individuals and companies that fight against online fraud.

The simple things—If you've never bought anything from a company—eBay, for example—chances are you won't be getting an e-mail from them. But if you have done business with the company and aren't sure of the e-mail, look for incorrect spellings and poor-quality images often found in phishing schemes.

No rush—It is highly unlikely that any legitimate company will tell you, without prior warning, to contact them immediately; most will give you a few days. So beware of e-mail messages that request immediate action, since that could be an indication of a phishing scheme.

Protect your information—No company will ever ask for your social security number, account number, or password via e-mail or even over the phone; they will only do so from secure sites when online, and will only ask for a simple identifier over the phone (e.g. the last four digits of your social security number, not the whole thing).

Ignore the links—If you're not sure about an e-mail, never click on a link it contains. It is possible to make one Web site address look like a different one. (For example, it may look like you are on www.yourbank.com, but in reality you are on www.phishersite.com.) Instead, either use a bookmark or type in the real site address.

You can find more information on this issue at www.antiphishing.org. And, one last piece of advice:

When all else fails—If you're not sure what to do, just contact the company in question. Odds are they'll help if it is a real problem, and you can notify them of the phishing scam if not.

Your help is needed
The easy thing to do is just delete any phishing e-mail you receive. Doing so, however, won't make the problem go away, since no one else will know what you received, where it actually came from, and who is responsible. For this reason, it's absolutely imperative that consumers report the phishing e-mails they receive, and it's quite easy to do:

Mark it as spam—Most of the large providers (Yahoo!, Hotmail, etc.) have a button you can simply click to notify them the e-mail you received is spam. From there, the sender's information is entered into a database that can help the e-mail provider stop similar ones in the future.

Notify your e-mail provider—If you have been absolutely overloaded by phishing e-mails, contact your e-mail provider directly and report the abusive messages.

Contact APWG—You can also send the message on to the Anti-Phishing Working Group using the guidelines on their Web site.

By reporting these messages, you help build up a database of offenders, provide valuable information that can stop new types of attacks, and save companies and consumers millions of dollars.

Remember, phishing scams affect everyone—military and civilian, rich and poor, young and old, company and customer. But by taking a few steps to protect yourself and reporting the messages you receive, you can make a difference and help put phishers out of business.

About the author
Karen Von Der Bruegge proudly grew up as a military brat whose father served 32 years in the United States Army. She is currently Chief Marketing Officer for Pioneer Financial Services, Inc., a company that provides responsible financial services and education exclusively to the military community. She is both a Certified Credit Report Reviewer and Identity Theft Prevention Specialist, and directs the management of Web sites that receive more than 100,000 page views every month.
