FTC Resource

  Microsoft

  Dept of Justice

  Social Security Adm.

 
What is Phishing?

Phishing (pronounced "fishing") is an internet scam that comes in the form of pop-ups, e-mail, or fake web content, that is designed to get the user to enter personal and confidential information that can be used for identity theft, credit card theft, or other illegal activity.

Here is an example of how phishing works:  Let's say that one day you receive an e-mail from your "credit card company".  This official looking e-mail warns you of recent, suspicious-looking credit card activity on your account.  It asks you to click on a link that will take you to what you believe is the credit card company's official web site.  What looks like the official site is actually a cleverly forged web site, duplicated down to the smallest detail.  The link has taken you to a web page that now asks for confidential, personal information.  It may ask you for birth dates, Social Security Numbers, Mother's maiden name, driver's license numbers, passwords, and bank account numbers (including checking account numbers), etc.  All used by legitimate credit processing companies to establish credit, obtain loans, etc.  If you enter this information, you will likely become a victim of fraud or theft.

   How to protect yourself.

1) Never enter any confidential information on any internet inquiry- whether you believe it is legitimate or not.  If you do, you run the risk of fraud or theft, including identity theft.  Do not apply for credit card applications, or loans over the internet.  Never give out your birth date, social security number, or any other confidential information over the internet.

Most credit card transactions are safe.  Millions of internet transactions are processed every year.   Be familiar with your credit card's policy on theft.  Many credit card companies limit your liability, so even if a theft occurs, you are reasonably protected.  Always report any unapproved activity to your credit card company immediately.  If you become a victim, you will have to cancel your credit card.  Remember that when entering credit card information during a internet transaction, do not enter confidential information such as social security numbers, birth dates, drivers' license numbers, passwords, and especially bank account numbers.  If a credit card transaction form asks for this information, cancel the transaction immediately.  This is a red-flag for an illegitimate transaction.  Legitimate questions include billing address, shipping address, home phone number, credit card number, expiration date, credit card telephone number, and any other information printed on the card itself.  If you receive an e-mail from the company you purchased from, asking for personal information, contact your credit card company immediately.  They will help you in determining how to proceed.

To see an example of an e-mail phishing scam click here: Example
This example e-mail may look like it comes from Ebay™, but it's really an attempt to direct you to a fake web page that asks for personal information.  To view the example, Acrobat® Reader is required.

2) Never click on any e-mail link that asks you for personal information.  If in doubt, call the company that the e-mail appears to originate from.  Let them know if you suspect phishing. This will help alert the authorities to criminal activity.

3) Microsoft will never send you an e-mail unless you are an officially Microsoft-registered or authorized partner.  End-users will never receive an e-mail from Microsoft - do not respond to any e-mail that looks like it comes from Microsoft.

4) Do not respond to any e-mail spam.  Period!  Be suspicious of any e-mail that is grammatically incorrect or contains obvious spelling errors.  

5) Always be on your guard for fraud or identity theft.  Every year, 10 million people are victims of identity theft.  For more information on this subject go to the USA's FTC's web site for identity theft at http://www.consumer.gov/idtheft

6) Stop those credit card offers- simply go to the FDIC web site at http://www.fdic.gov/consumers/privacy/privacychoices,  and "Opt Out" by calling the Consumer Credit Reporting Industry Op-Out hot line at
888-567-8688.  This will allow you to remove your name from the list that many credit card companies use to send credit offers through the mail.

Also check out http://www.ftc.gov/bcp/conline/pubs/alerts/optoutalrt.htm

7) Get a free copy of your credit report and make sure it is accurate..  go to http://www.ftc.gov/bcp/conline/edcams/credit/ycr_free_reports.htm

For more identity theft protection info, go to The Federal Trade Commission web site at http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm.

   The Future: Electronic Identity Cards

Whether we agree or not, many countries are actively developing an electronic identity card for purposes of establishing identity and citizenship.  France, Germany, Belgium, Greece, Luxembourg, Portugal and Spain all have National ID cards (non-electronic), and starting in 2008, the United Kingdom will begin to issue their new cards. Currently only Estonia, Finland, Italy, and Sweden have or will soon implement true Electronic ID cards.

The European Union is working on "e-ID" - a form of electronic identification based on "smart cards"

The ID World web site is at http://www.idworldonline.com.

Sweden and Norway introduced Biometric passports on October 1, 2005, with Germany soon to follow.

Just recently, the US is proposing to implement the "e-passport".

Over the next few years e-ID will likely become the standard for Identity protection.  It remains to be seen if the US will follow, but many privacy organizations are expected to make this a difficult policy to implement.

For more information on phishing, go to Microsoft's security site at http://www.microsoft.com/athome/security/email/phishing.mspx