November 6th - 2005

Something “phishy’s” going on. Protect yourself against e-mail fraud

E-mail scammers are using realistic bait to lure unsuspecting consumers onto their hooks these days. Fraudulent “phishing” e-mails are created to imitate legitimate e-mails – often copying actual corporate logos and communication.

Billions of phishing e-mails are sent out every month and can lead to identity theft, security breaches, and financial loss. The average successful fraud nets $1,400, and the latest research estimates that phishing caused more than $44 billion in damages worldwide in 2004. Thieves send an e-mail or instant message that masquerades – right down to the sender's e-mail address – as a message from a reputable company such as Citibank, eBay or MSN. If you take the bait, you put your money – and your identity – at risk.

The message capitalizes on your trust of a respected brand by enticing you to click a link. The link takes you to an equally convincing (and equally fake) web page or pop-up window that's been set up to imitate the legitimate business. Once there, you're asked to divulge sensitive personal information such as your Social Insurance number, a bank account or credit card number, or a validation code, password or personal identification number (PIN).

Here are a few examples of these scams. Thousands of people have received e-mail messages pretending to be from:

  • Their "bank" requesting verification of an $829.49 charge for a hotel in New Delhi, an imitation so meticulous that it included bank logos as well as promises to safeguard privacy. Readers had only to click "STOP THIS PAYMENT" to go to an equally convincing page where they would reveal account information needed to "deny payment."
  • Their "cell phone company" saying that a charge to their credit card on file was declined. The message includes a threatening statement like: "Your account could be suspended unless you click this link to update your credit card information immediately."
  • "MSN" addressed to "Darling MSN services client" informing them that their MSN service would be "deactivated" if they didn't confirm their identity at once by clicking the link provided.

How to protect yourself
Because phishing e-mails are designed to look like legitimate business correspondence, they consistently elude spam filters. However, there are software programs that are specifically designed to identify e-mail phishing fraud, such as MailFrontier.

Your best line of defence is to be aware that these phishing scams exist and watch out for them. Here are a few tips to help you avoid becoming a victim of phishing fraud:

  • Be suspicious of any e-mail with urgent requests for personal financial information. Unless the e-mail is digitally signed, you can't be sure it wasn't forged or 'spoofed'.
  • Don't use the links in an e-mail to get to any Web page if you suspect the message might not be authentic. Instead, call the company, or log onto the Web site directly by typing the Web address into your browser.
  • Avoid filling out forms in e-mail messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure Web site or the telephone.
  • Always ensure that you are using a secure Web site when submitting credit card or other sensitive information via your Web browser. To make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar - it should be "https://" rather than just "http://".
  • Regularly log into your online accounts; don't leave it for as long as a month before you check each account.
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers.
  • Ensure that your browser is up to date and security patches are applied.

How to report "phishing":
You can forward the e-mail to the "abuse" e-mail address at the company that is being spoofed (e.g. "spoof@ebay.com"), including the entire original e-mail with its original header information intact, or send it to RECOL (Reporting Economic Crime On-Line) at www.recol.ca or The Canadian Anti-Fraud Call Centre, www.phonebusters.com, or call 1 888 495-8501. Also check out these Web sites for more information about phishing fraud and how to avoid it:

http://www.psepc-sppcc.gc.ca/publications/policing/phishing_e.asp#report

http://safety.msn.com/phishing/default.armx.

For more information contact

Ontario Real Estate Association

Jean-Adrien Delicano

Senior Manager, Media Relations

JeanAdrienD@orea.com

416-445-9910 ext. 246
