Phishing is the term that describes the illegal attempt to steal sensitive information from unsuspecting people, most frequently over the internet. It often seeks to trick people into submitting their account passwords, banking or other financial information, or the answers to security questions. While some of the scams are clearly identifiable, due to their lack of professional appearance or poor grammar, others are sophisticated enough to create a money-making opportunity for the criminals behind the scams. Here are some of the newest scams to watch out for.(To learn more about scams, see Investment Scams: Introduction.) IN PICTURES: 8 Signs Of A Doomed Stock
- Web Browser Hijacking and Scareware
Hijacking occurs when malicious software that redirects web searches to fake websites is installed on a computer. For example, a pop-up ad that appears to be from a reputable internet security software company may indicate that your computer is under attack. Once the unsuspecting person clicks on the scareware message he is redirected to a fake website offering for purchase special software to combat the threat.
Once hijacked, the user may have difficulty reaching certain sites, since each search or address entry is redirected to another fraudulent website or sales pitch. At the least, web browser hijacking can be annoying. In certain circumstances, people enter credit card information into fake websites that are there for the sole purpose of collecting this type of information. The FBI indicates an estimated loss in excess of $150 million to these scareware scams. (Learn how to spot phishing scams, in Keep Your Financial Data Safe Online.)
Smishing is a type of criminal activity that is similar to phishing, but uses cell phone text messaging to bait its victims. The name combines SMS (Short Message Service, the technology used for cell phone text messaging) with phishing. This deceptive practice sends text messages claiming various occurrences that require immediate action from the victim. For example, the message might indicate that you will be charged a daily fee for your recent (non-existent) subscription, unless you cancel your order.
The message could also indicate that your bank account or credit card will be closed unless you update your details within a short amount of time, or that the account has already been closed and you must respond to reactivate. The directions will state that you must visit a particular website (that may even appear legitimate) or that you must call a specified phone number to cancel, confirm, update or reactivate your account. Information that is collected can be used to make online purchases, or can be used to manufacture fake credit or debit cards that can quickly be distributed anywhere in the world.
- eBay Phishing Attacks
Some eBay users have fallen prey to scammers gaining private account information by emailing eBay users that a temporary hold has been placed on their accounts, requiring verification. Once the victim clicks on the link provided in the email, they are directed to a bogus site that gathers the personal information.
In one recent case, the scammer used the eBay user's information to post 63,000 auctions that were listed as one-day Buy It Now sales where payments must be made via wire-transfers to the hijacker's account. eBay did not require the user to pay the $119,000 in seller fees that were accumulated by the scammer, and the auctions were removed within several hours. (Learn more, in Credit Scams To Watch Out For.)
- Craigslist Phishing Scams
Craigslist hosts online classified advertisements with sections for jobs, housing and sale items, among other categories. Users have accounts with personal information that scammers may try to steal through phishing emails. The emails are sent to Craigslist users indicating that the account has been blocked because of multiple failed login attempts. The message claims that the account will be deleted unless the user clicks on a link to sign in and confirm his or her identity. Once the victim enters the information in the bogus website, the scammer can use the account to set up fake sales items or for other nefarious purposes.
- Relief Appeals
Following world-wide natural disasters, many people receive either emails or text messages urging them to make a donation to assist those affected by the disaster. The scammers pose as legitimate charitable organizations promising to use your donation for a good cause. Instead, these can be phishing scams designed to gain access to your personal information, including the credit card number they hope you will enter to make a donation.
In addition, some of these message may include links for alleged photographs of the disaster, as with some fake Haitian earthquake relief messages from earlier this year, that are actually viruses that can infect your computer. In general, if you wish to donate to a charitable organization following a natural disaster, research the organization requesting the donation or donate only to well-established organizations - and only through their official website or phone number. (Find out how to avoid being a victim, in Shopping Online: Convenience, Bargains And A Few Scams.)
The Bottom Line
Phishing and smishing are here to stay. While new variants pop up every day, many of these scams revolve around the same principles: scare tactics that make you give up your personal information to avoid charges, subscriptions and account closures or other undesirable outcomes. You can help protect yourself by being suspicious of any email, letter, text message or phone call that requires you to take any action that would divulge any type of personal information. Your bank, credit card and accounts like eBay would never contact you in this manner requiring you to enter personal information.
If you do receive messages such as these, it is best to contact the company directly and let it know what has happened, and you can also report phishing emails to firstname.lastname@example.org.
For the latest financial news, check out Water Cooler Finance: The End Of The Recession.