Beware the latest type of ID theft
by Nancy Luna, Columnist, The Orange County Register
I've been pharmed.
No, my DNA hasn't been hijacked as part of some biotechnological gene study. Instead, I'm talking about a different kind of experiment, in which thieves go after something else: my identity.
Pharming is a term floating around these days to describe a sophisticated form of phishing. Phishing is a scam in which crooks send bogus e-mails to folks in the hopes of tricking them into replying with sensitive information, such as bank account and Social Security numbers.
Lately, consumers have become a bit more savvy, learning to delete phishing e-mails or to prevent them by installing anti-spam software on their computers.
But pharming takes phishing up a notch.
For example, one of the pharming e-mails I got allegedly came from PayPal, where my husband has an account. The message said PayPal had received a "report of unauthorized credit card use associated with" the account. The e-mail provided me a link to a web site dubbed the PayPal "Resolution Center," which would help me review my account information.
Curious, and suspicious, I did a dangerous thing: I clicked.
The link took me to a web site that had a PayPal logo and looked totally legit. When the site asked for my account information, I stopped cold and forwarded the link to PayPal. A representative of the online payment firm confirmed my suspicion, telling me that I had been spoofed by a fake corporate web site.
And that is the danger: Pharming diverts unsuspecting computer users to bogus corporate web sites that look like the real McCoy. In most cases, pharming doesn't even involve e-mails. Here's where it gets really scary. Often, a user can type in the web address, or URL, into a browser and still be redirected to a phony corporate site, where hackers then lure you into giving out personal information.
The Department of Justice estimates that 2,800 fake web sites exist in the world and are growing at a rate of 15 percent each month.
Luckily, I wasn't tricked.
But others have been, and the consequences are mind-boggling. Identity theft, which is one of the fastest growing types of consumer fraud, costs the average victim $740, and takes roughly 600 hours of time to resolve, according to data announced at a recent identity-theft conference held in Los Angeles by the Federal Deposit Insurance Corporation. The latest federal data shows that in 2003, the total tab to consumers and the economy was over $50 billion.
So, if you think you're on a suspicious site, get out quick. Or you might face "clicker's remorse," like Mark Barrus, a businessman who fell for the bogus PayPal e-mail.
His Huntington Beach company, www.iwanttoquitsmoking.com, received the same message I did, asking him to update his company's records. The site was so convincing with its PayPal and eBay logos, Barrus wound up giving away the farm - inputting his company's bank account numbers, PIN codes, and his Social Security number. That cost him roughly $4,000 because he shut down his company for three days to undo the damage by cancelling accounts and opening new ones, he said.
He's also paying Equifax $25 a month to monitor his credit in case someone uses his Social Security number. While Barrus admits he was his own worst enemy, he's furious at PayPal for not notifying him. PayPal spokeswoman Amanda Pires said it has a team of employees dedicated to investigating these spoof web sites and routinely alerts its 71 million customers about the sites when they log in to their accounts.
"It's disappointing that this happened to this consumer because that's what we work to avoid every day," she said.
The bottom line:
Regardless of what Corporate America is doing to stem identity theft, companies can't do it alone. Consumers need to wise up, too.
[Italics below are OURS]
If you don't trust a link that's been sent to you, hover your mouse over the web address and look at the bottom of your browser to check out the "real domain" server where the link is taking you. If you see a string of numbers instead of the company's corporate name, it's probably a spoof.
When on a corporate web site, look for any sign of authenticity such as a "lock" symbol at the lower right-hand corner of the browser. This symbol indicates it's a secure site, according to PayPal. For a list of possible suspicious pharming sites, go to www.pharming.org.
[Italics below are OURS]
Also, remember, no legitimate company, bank or credit union asks its clients to provide sensitive account information by e-mail or requires online confirmation of information you've previously provided them.
Before deleting a bogus e-mail, forward it to the business being spoofed and to the Federal Trade Commission, which investigates and prosecutes online scammers. E-mail the FTC at spam@uce.gov.
Lastly, if you're not sure it's legit, then don't click.