Wednesday, November 22, 2006

PHISHING FACTS OF LIFE – DON’T BE THE TARGET OF ORGANIZED CRIMINALS – KNOW THE BASIC DEFENSES

Phishing Scams – Definitions and Protection

We all need to be aware of the online scam known as "phishing" (a variant of the word "fishing"). Phishing involves the use of e-mail messages that appear to originate from a bank, trusted business or government agency such as PayPal, eBay, Bank of America, the IRS or another source, but that actually originate from thieves and criminals.

Phishing e-mails typically ask you to click a URL link to visit a Web site. Once on the website you are asked to enter or confirm personal financial information such as your account numbers, passwords, Social Security number or other data. Although these Web sites appear legitimate, they are not. These impersonation websites are the domain of thieves and organized crime groups. Giving up your personal information in the name of “confirming” your account is in essence giving the thief or crime group the keys to your kingdom. Some sites that you click on may appear temporarily out of service; in reality the site may be downloading a virus or other malware (ill-intended software) to your computer.

How can you spot a phishing scam?

Look for these warning signs:

-- Urgency. The message you receive often insists that you act immediately by suggesting that your account is threatened or will expire soon. It often says that if you fail to update, verify or confirm your personal or account information, your account will be closed. Several years ago these messages often contained spelling and grammatical errors, reflecting their offshore origin. However, this is no longer true. The best phishing scams in recent months have been using perfect English and grammar.

-- Demands for personal information. Ethical businesses will never ask for confirming information from you by email. They already have this information and they do not need it again. Modern computer systems simply do not lose this information or require you to re-confirm your data. Requests for the following information are a flashing red light indicating identity theft pending if you respond.
-.- Account numbers and passwords
-.- Credit and check card numbers
-.- Social Security numbers
-.- Online banking user IDs and passwords
-.- Mother's maiden name
-.- Date of birth
-.- Other confidential information



-- Download Software Demands. Never install software downloads directly from e-mail messages, or from companies or Web sites you do not recognize. If you are instructed to download new software, go to your browser, search on the name of the business, and download from the business site directly. If you don’t find the new download instructions prominently displayed on the landing page, you can be assured the email is originating from criminals.

-- HTTPS is no longer a protection. Organized crime groups are purchasing legitimate security software that indicates you are on a secure and encrypted site. Do not rely on the HTTPS element. Yes, the link is secure, but you’re still talking to organized criminals.

Basic Safety Tips

-- Be suspicious of demanding messages. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious.

-- Businesses never ask for confirming information on-line, by telephone, or in a fax. A legitimate business will never request personal information from you by email, on the phone (if the call is initiated by them), or in a fax. If you are concerned, call your trusted business directly using the telephone number found in the phone directory or on your statement. Do not use the telephone number provided in the phishing email – you will only end up talking to the criminals.

-- Never download software originating in an unsolicited email. Installing unsolicited software from an email is asking to be robbed.

-- Never click on the URL provided within an email. The URL may look legitimate, may have the company name, and an HTTPS indicator, but it's still a criminal site. Always type in the URL yourself or, better yet, use your browser to search for the general corporate website and begin your account access there.

-- Never give out your password except to log on. Never log on using the URL contained in an email.

-- Install and maintain anti-virus, anti-spam, and spyware detection software. It’s a fact of life: you cannot use online systems without these critical protections installed.

Useful Links to Phishing Information Websites

Phishing brochure provided by The Office of the Comptroller of the Currency (OCC).

www.antiphishing.org

"How Not to Get Hooked by the 'Phishing' Scam," available at: www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

"ID Theft: When Bad Things Happen to Your Good Name," available at: www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm. This is a general publication on ID Theft and is useful; however, in the opinion of KnightsBridge Castle it misleads victims into thinking that federal government agencies such as the FTC or the Social Security Administration are prepared to assist them in recovery. In our extensive experience, and by the admission of these agencies, they will not or cannot assist individual victims in any meaningful way.


Recent phishing scams – Our blog reports on recent and new phishing scams every two weeks. However many phishing scams are years old, such as the PayPal scams.

General Advice

Install and Use Anti-Virus Programs

Viruses can infect a home computer in many ways: through floppy disks, CDs, e-mail, Web sites and downloaded files. Anti-virus programs help protect your computer against most viruses, worms, Trojans and other unwanted invaders that can make your computer "sick." Viruses, worms and the like often perform malicious acts, such as deleting files, accessing personal data or using your computer to attack other computers. If a file is infected with a virus, most anti-virus programs provide you with options of how to respond, such as removing the harmful item or deleting the file. Installing an anti-virus program and keeping it up-to-date is the best defense for your home computer.

Firewalls: What Are They and How Do I Use Them?

Before you connect your computer to the Internet, you should install a firewall. A firewall can be generally described as a security guard for your home computer. The guard is a piece of software or hardware that helps protect your PC against hackers and many computer viruses and worms. With a firewall, you define which connections between your computer and other computers on the Internet are allowed and which are denied. There are firewall programs, both free and available for purchase, that provide the capabilities you need to help make your home computer more secure.

E-mail Attachments

E-mail viruses and worms are fairly common. Here are steps you can use to help you decide what to do with every e-mail message attachment you receive. You should only open and read a message that passes all of these tests:

The know test—is the e-mail from someone you know?
The received test—have you received e-mail from this person before?
The expect test—were you expecting e-mail with an attachment from this sender?
The sense test—does the e-mail subject make sense based on who is sending the e-mail? Would you expect this type of attachment from this person?
The virus test—does this e-mail contain a virus? To determine this, you need to install and use an anti-virus program.

Purchasing and Installing Programs

Apply these practices when you select software for your home computer.

Learn as much as you can about the product and what it does before you purchase it.

Understand the refund/return policy before you make your purchase.

Buy from a local store that you already know or a national chain with an established reputation. If you buy software on-line, access the vendor by searching first on your browser. Be careful to make sure that you have spelled the company name correctly. There are criminals who will take advantage of a misspelling.
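The warning above about misspelled company names, and the earlier point that a link can carry the company name and still lead to a criminal site, can both be turned into a mechanical check on a link's host name. The Python below is an added example, not part of the original post; the trusted-domain list, the function names and the sample links are constructed for illustration, and it assumes simple two-label domains such as paypal.com.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites the reader really does business with.
TRUSTED = {"paypal.com", "ebay.com", "bankofamerica.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'misspelling' or 'unknown' for a link."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Text before '@' is a user name, not the site; the real host follows it.
    if parts.username is not None:
        return "lookalike"
    # Trusted only if the host IS the domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Company name appears somewhere in the host, but the site is someone else's.
    if any(d.split(".")[0] in host for d in trusted):
        return "lookalike"
    # One or two characters away from a trusted domain: likely a misspelling.
    candidate = ".".join(host.split(".")[-2:])
    if any(0 < edit_distance(candidate, d) <= 2 for d in trusted):
        return "misspelling"
    return "unknown"

# Constructed sample links, as they might appear in an e-mail.
SAMPLE_LINKS = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.example/login",
    "https://www.paypa1.com/",
    "http://www.bankofamerica.com@203.0.113.7/update",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):12} {link}")
```

A result of "unknown" is not a verdict that the link is safe; it only means the host resembles none of the listed domains.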

Keep Your System Up-to-Date. Use the automatic update feature of these protection programs. At KnightsBridge Castle our few on-line systems are updated many times a day by our service providers.

Backups: How Important?

It is a good practice to back up important files and folders on your computer. To back up files, you can make copies onto media that you can safely store elsewhere, such as CDs or floppy discs.

For more information on home computer security, visit http://www.cert.org/.

As always KnightsBridge Castle is prepared to assist you in the prevention, detection, recovery, and prosecution of the many crimes of identity theft.
