“Phishing,†also called “carding†or “spoofing,†is a high-tech scam that uses e-mail spam to trick consumers into giving out personal information such as credit card numbers, bank account information, or Social Security numbers.
Phishers typically send deceptive emails that pose as online shopping sites, credit card companies, charities, and even banks, in efforts to trick people into giving out personal information.
“Phishers†will commonly copy a Web page from a popular site, such as an Internet service provider or a financial services company, and set up a replica page that appears to be a part of the company’s actual site. Then they will send an email to unsuspecting consumers containing a link to the replica page and ask them for personal information.
Once the consumer enters the data and submits the form, the scammer has all of their information and the user has no idea that a scam even occurred until it is too late. It is estimated that between 1% and 20% of these scams actually succeed.
One bank that has already been the target of a number of phishing attacks, is attempting to combat the problem by utilizing electronic signatures in all of its online correspondence with customers.
Postbank AG, Germany’s giant retail bank, already has S/MIME (Secure Multipurpose Internet Mail Extensions) integrated into numerous e-mail applications, including Microsoft Corp.’s Outlook.
According to infoworld.com (3/30/06): “The electronic signature, which the bank attaches to its e-mail, is issued by TC Trust GmbH, the German subsidiary of GeoTrust Inc.
“Only Postbank customers using e-mail applications with both S/MIME authentication and TC Trust certification will receive a certification symbol, confirming that the text message is from the bank.â€Â
Under the certification system, customers can verify the authenticity of an e-mail by clicking on a certification symbol that, when opened, will provide details about the electronic signature. If there are any inconsistencies during the signature authentication process, a warning symbol is programmed to appear.
At present, the system is not compatible with a number of email programs; however, Postbank intends to address that limitation in the near future.
Phishing attacks are increasing steadily each month. If you receive an email that asks you to click on a link and enter you’re billing information in order to prevent your account from being closed or to “update†your information, do not reply or click on the link.
Contact the company mentioned in the email by using a phone number or web address that you know to be legitimate. Companies doing business over the internet will never ask for personal information without properly identifying themselves. Emails that are generic and which are not addressed to you by name are likely to be bogus and should never be opened.
