OIG Fraud Alert Phishing



Similar documents
Protect Yourself Against Identity Theft

Identity Theft and Strategies for Crime Prevention

Remote Deposit Quick Start Guide

When visiting online banking's sign-on page, your browser establishes a secure session with our server.

STOP THINK CLICK Seven Practices for Safer Computing

7 PRACTICES FOR SAFER COMPUTING

Intercepting your mail. They can complete change of address forms and receive mail that s intended for you.

Retail/Consumer Client. Internet Banking Awareness and Education Program

Identity Theft. Protecting Yourself and Your Identity. Course objectives learn about:

Session 16 Fraud Alert: Avoiding Scholarship Scams, Phishing, and Identity Theft

PHISHING & PHARMING Helping Consumers Avoid Internet Fraud Federal Reserve Bank of Boston

Advice about online security

Protecting your business from fraud

Phoenix Information Technology Services. Julio Cardenas

Learn to protect yourself from Identity Theft. First National Bank can help.

7 PRACTICES FOR SAFER COMPUTING

IDENTITY THEFT BROCHURE 2 6/3/05 3:07 PM Page 1 IDENTITY THEFT PROTECT YOUR IDENTITY IT S POSSIBLE@ LEARN HOW TO PROTECT YOUR PRIVATE INFORMATION

Don t Fall Victim to Cybercrime:

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

Recognizing Spam. IT Computer Technical Support Newsletter

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Cyber Safety - 10 Practices For Staying Safe on the Internet

IDENTITY THEFT PROTECT YOUR IDENTITY IT S POSSIBLE@ LEARN HOW TO PROTECT YOUR PRIVATE INFORMATION

Information Security Field Guide to Identifying Phishing and Scams

3 day Workshop on Cyber Security & Ethical Hacking

Online Security Information. Tips for staying safe online

Anti-Phishing Best Practices for ISPs and Mailbox Providers

Information to Protect Our Customers From Identity Theft

ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR

How to stay safe online

Avoid completing forms in messages that ask for personal financial information.

Criminal Investigation

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Phishing: Facing the Challenge of Identity Theft with Proper Tools and Practices

& INTERNET FRAUD

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

When registering on a jobsite, first ensure that the site is reputable and has a physical address and landline phone number.

Technology Risks Associated with Online Trading

Malware & Botnets. Botnets

Phishing for Fraud: Don't Let your Company Get Hooked!

When Fraud Comes Knocking

What are the common online dangers?

Protecting Yourself from Identity Theft

Tips for Banking Online Safely

Security Tips You are here: Home» Security Tips

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

Phishing and the threat to corporate networks

Identity Theft Protection

Learning to Detect Spam and Phishing s Page 1 of 6

Keeping your financial and personal information secure is one of our most important responsibilities.

Fraud Information and Security

Identity Theft Assistance Kit A self-help guide to protecting yourself and your identity

Protection from Fraud and Identity Theft

Identity Theft Protection

Identity Theft, Fraud & You. Prepare. Protect. Prevent.

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Identity Theft. Emergency Repair Kit

Seven Practices for Computer Security

Payment Fraud and Risk Management

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Payment Systems Department

Infocomm Sec rity is incomplete without U Be aware,

Corporate Account Take Over (CATO) Guide

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Cyber Security Survival Guide

Phishing Victims Likely Will Suffer Identity Theft Fraud

DVD Companion Learning Guide

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

Client Education. Learn About Identity Theft

How To Get A Free Credit Report From A Credit Report Website

Phishing Past, Present and Future

Expanded Header: Viewing in Microsoft Outlook

Scams and Schemes. objectives. Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives

Cybercrimes NATIONAL CRIME PREVENTION COUNCIL

Your security is our priority

Fraud Prevention Tips

BE SAFE ONLINE: Lesson Plan

Welcome to the Protecting Your Identity. Training Module

Online Privacy and Security Policy

Identity Theft Awareness: Don t Fall Victim to these Common Scams

I dentity theft occurs

How To Get Help From The Police Department

IDENTITY THEFT VICTIMS: IMMEDIATE STEPS

the first ACNB Bank transactionss in ACNB Bank will work number. Information on Thank you

Credit Card Fraud Training

DON T BE FOOLED BY SPAM FREE GUIDE. Provided by: Don t Be Fooled by Spam FREE GUIDE. December 2014 Oliver James Enterprise

To p t i p s f o r s a f e o n l i n e b a n k i n g a n d s h o p p i n g

INTRODUCTION. Identity Theft Crime Victim Assistance Kit

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

Your Guide to Security

Evaluating DMARC Effectiveness for the Financial Services Industry

SMALL BUSINESS ADMINISTRATION STANDARD OPERATING PROCEDURE

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

Saheel KHOYRATTY. Partner Technology Advisor

SAFEGUARDING YOUR CHILD S FUTURE. Child Identity Theft. Protecting Your Child s Identity

Statistical Analysis of Internet Security Threats. Daniel G. James

Protect yourself online

How To Help Protect Yourself From Identity Theft

Transcription:

U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a general term for criminals creation and use of e-mails and websites designed to look like e-mails and websites of well known legitimate businesses, financial institutions, and government agencies in order to deceive Internet users into disclosing their bank and financial account information, or other personal data such as usernames and passwords. The phishers then take that information and use it for criminal purposes, such as identity theft and fraud. Phishing is by far the most dangerous form of fraud to hit online commerce, costing U.S. banks alone $1.2 billion in direct losses, increasing insurance rates and eroding consumer confidence in online transactions. 1 According to the Washington Post phishing, has become so widespread that one technology consultant estimated that at least 57 million Americans have received these types of e-mails. According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to update or validate your account information. 1 Because they use false and fraudulent statements to deceive people into disclosing valuable personal data, phishing schemes may violate a variety of federal criminal statutes. In many phishing schemes, the participants in the scheme may be committing identity theft (18 U.S.C. 1028(a)(7)), wire fraud (18 U.S.C. 1343), credit-card (or access-device ) fraud (18 U.S.C. 1029), bank fraud (18 U.S.C. 1344), computer fraud (18 U.S.C. 1030(a)(4)), and the newly enacted criminal offenses in the CAN-SPAM Act (18 U.S.C. 1037). When a phishing scheme also uses computer viruses or worms, participants in the scheme may also violate other provisions of the computer fraud and abuse statute relating to damage to computer systems and files (18 U.S.C. 1028(a)(5)). Finally, phishing schemes may violate various state statutes on fraud and identity theft.

Example: Phishing It might threaten some dire consequence if you don t respond. The message directs you to a Web site that looks just like a legitimate organization s site, but it isn t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name. What Are The Risks of Responding to Phishing E-Mails? At first glance, phishing e-mails, and the websites associated with such e-mails, may appear completely legitimate. One recent phishing attempt falsely used the names of the Federal Deposit Insurance Corporation (FDIC) and two of its officials, as well as the Department of Homeland Security. What Internet users may not realize is that criminals can easily copy logos and other information from the websites of legitimate businesses and place them into phishing e-mails and websites. In addition, if the e-mail recipient clicks on the link in the e-mail, even the window of the Internet browser he or she is using may contain what looks like the true Uniform Resource Locator (URL) of a legitimate business or financial institution. Unfortunately, some phishing schemes have exploited vulnerabilities in the Internet Explorer browser. This vulnerability allows phishers to set up a fake website at one place on the Internet, but make it look like the Internet user is accessing a legitimate website at another place on the Internet. The Federal Bureau of Investigations (FBI) calls phishing the hottest and most troublesome scam on the Internet, and the Department of Justice has created a special unit aimed at identifying and prosecuting the perpetuators of these scams. According to the Anti-Phishing Working Group, banks are particularly vulnerable to phishing attacks, with 15 of the top 20 phishing scams aimed at the banking industry. Phishing is remarkably sophisticated and successful, having fooled nearly 2 million online users into revealing personal and confidential information in the past two years. The most recent phishing attacks have targeted non-english speaking countries, such as France and Germany, a prime indication that this type of fraud is getting not only more sophisticated, but has no geographical boundaries. OIG Fraud Alert Phishing 2

What Can You Do to Protect Yourself? The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams. Be suspicious of any email with urgent requests for personal financial information o unless the email is digitally signed 2, you can't be sure it wasn't forged or spoofed o phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately o they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc. o phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are Don't use the links in an email to get to any web page, if you suspect the message might not be authentic o instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser Avoid filling out forms in email messages that ask for personal financial information o you should only communicate information such as credit card numbers or account information via a secure website or the telephone Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser o to make sure you're on a secure Web server, check the beginning of the Web address in your browsers address bar - it should be "https://" rather than just "http://" Regularly log into your online accounts o don't leave it for as long as a month before you check each account Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate o if anything is suspicious, contact your bank and all card issuers Ensure that your browser is up to date and security patches applied o in particular, people who use the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page -- http://www.microsoft.com/security/ -- to download a special patch relating to certain phishing schemes 2 A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message, or of the signer of a document. It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. OIG Fraud Alert Phishing 3

The Federal Trade Commission (FTC), the nation s consumer protection agency, suggests other tips to help you avoid getting hooked by a phishing scam: Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances. Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It s especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software patches to close holes in the system that hackers or phishers could exploit. Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. Report suspicious activity to the FTC. If you believe you ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC s Identity Theft Web site at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft. Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam. What To Do If You Have Given Out Your Personal Financial Information? Phishing attacks are growing quite sophisticated and difficult to detect, even for the most technically savvy people. Also, many people are getting onto the Internet and using email or Web browsers for the first time. As a result, some people are going to continue to be fooled into giving up their personal financial information in response to a phishing email or on a phishing website. If you have been tricked this way, you should assume that you will become a victim of credit card fraud, bank fraud, or identity theft. Advice given by the Anti- Phishing Working Group on what to do if you are in this situation is listed below: If you have given out your credit card or debit or ATM card information Report the theft of this information to the card issuer as quickly as possible o Many companies have toll-free numbers and 24-hour service to deal with such emergencies. Cancel your account and open a new one Review your billing statements carefully after the loss o If they show any unauthorized charges, it's best to send a letter to the card issuer describing each questionable charge. OIG Fraud Alert Phishing 4

Credit Card Loss or Fraudulent Charges o Your maximum liability under federal law for unauthorized use of your credit card is $50. o If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use. ATM or Debit Card Loss or Fraudulent Transfers o Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss. You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you. If you have given out your bank account information Report the theft of this information to the bank as quickly as possible Cancel your account and open a new one OIG Fraud Alert Phishing 5

Be careful with your personal information. Protect your identity. IF YOU HAVE ANY QUESTION PLEASE FEEL FREE TO CALL THE OFFICE OF INSPECTOR GENERAL AT 202-663-4327 OR E-MAIL US AT INSPECTOR.GENERAL@EEOC.GOV OIG Fraud Alert Phishing 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information