Tech Tips: Don't Go Phishing with These Guys!

Doug Hayman, DO-IT technology specialist
Picture of Doug and a DO-IT Scholar in the computer lab.
Doug and a DO-IT Scholar in the computer lab

If you've got an active email account, it is likely that you've received more than one odd email purporting to be from your bank, directing you to log on to your account using your account name and password. Others will direct you to verify your information by also asking for personal information such as your social security number, birth date, or mother's maiden name.

If you happen to do your personal banking at the same bank mentioned in the email, and if the content looks credible, you may be tempted to follow the directions. If you do, you will likely fall victim to identity theft. This scheme is commonly called "phishing," as the perpetrators put bait out there, in this case as a tempting email message, waiting for someone to take a bite.

Earlier versions of these phishing schemes were crude and more suspicious to the average person. Now, these criminals have gotten more sophisticated in their methodology. Rather than having a "from:" line along the lines of abc123@hotmail.com, their message will show something more credible like a forged "from:" line security@wamu.com. Additionally, when you look at the URL that you are advised to click within the email, it may show the text www.wamu.com, but have an underlying routing address like www.asianet.com.tw.

Worse yet are those phishing schemes that succeed in corrupting your computer's host file. By doing so, your correctly entered www.wamu.com would be redirected by the corrupt host file to a confederate site that exactly matched the real bank.

In either of the above scenarios, you'd still end up at a web page that looked exactly like the real, in this case, Washington Mutual Bank web page. And many of the links on that page might directly link to the real bank as well. What is most important to remember is that upon entering your personal information, the cyber thief would now have the means to steal your financial identity.

Ask anyone who has fallen victim to identity theft and you'll realize that going phishing with these guys would be a real nightmare in terms of time and money spent to clear your name and attempt to recover lost property, monies, and your reputation.

Never reply to these emails or follow the links contained within them. Instead, just hit the delete key. If in doubt, call your personal bank and ask them if they emailed you. They'll probably direct you to information about phishing schemes online.

For more information on phishing check out the following links:

The Anti-Phishing Working Group
www.antiphishing.org

Phishing Info
www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Better Business Bureau article on Phishing
www.bbbonline.org/idtheft/phishing_cond.asp