KEROBOKAN, Bali ~ I was sitting in front of my PC, working away, when the taskbar began flashing and I saw a blinking Yahoo! Messenger: a friend from Jakarta wanted to chat.
He told me he’d had an email from Citibank instructing him to update his user-id and password. I advised him not to do it, to look at the link on the email and see if it was a Citibank address; he could also check by phoning the bank or logging on to www.fraudwatchinternational.com/internet/phishing/phishing_index.shtml.
My advice, as it turned out, was correct: someone had been phishing.
According to the people at FraudWatch International, an Australian web-based watchdog that acts with authorities to stop internet scams in their tracks, the term “phishing” (pronounced “fishing”) is a slang IT word. It does exactly what it sounds like: fishing – for information; bank account, credit card or social security data are what phisher-folk are after.
The most common way of phishing for information is through fraudulent emails that appear to be from banks or other instructions where you have accounts. Usually the scammers ask you to confirm your details, such as user-id and password, and then they swipe them – using credit card numbers to purchase products or even clearing out bank accounts. Scammers may also sell stolen data to identity-theft rings. Often the fake emails are used in conjunction with a bogus website that looks like that of the institution in question.
So if you fall for this internet scam, before you know it, you’ll have handed over all your e-banking logins, allowing the thieves to do as they please. You won’t be able to sue the banks, because they will rightly claim they gave you a separate, original user-id and password.
And this con is not just related to banking: phishing emails have hit online auction giant eBay and the email payment system PayPal, among others.
To afford yourself some protection, never click on hyperlinks within emails; instead, copy and paste them into your browser. Use SPAM-filtering software, install an antivirus program and ensure you have a personal firewall running (comes preinstalled with Windows XP).
In addition, keep your software updated – both the operating system and web browsers on your machine.
Look for the padlock icon on the bottom right of your browser when a site is asking for personal information; if it’s not there, don’t give any data.
Send an email to the experts, at scams@fraudwatchinternational.com, if you’re not sure about something.
Finally, if you want to know more about phishing, log on to www.microsoft.com/athome/security/email/phishing.mspx.