Tuesday, November 28, 2006

Warnings About Cyberfraud ~ Phishing for your personal information ~ Nigerian email letter investment scam

by Michael Dennidson
Phishing (pronounced "fishing") is a type of brand spoofing. That is, the Web page of a legitimate Web site — such as your bank, PayPal, Best Buy, and so on — is recreated by a fraudster. An e-mail message is sent to you in an attempt to fool you into revealing your personal financial information or password data. Sometimes, to gain your personal financial information, "Phishers" will use:

Social engineering: Phishing sometimes uses social engineering to gain your confidence. Social engineering is when unscrupulous individuals exploit the weaknesses in people to gain confidential information, such as passwords that will compromise information system security.

Social engineering is a low-tech way that Internet users can have their identities stolen.

High-tech lures: The term phishing is used to describe how fraudsters use sophisticated lures to deceive everyday Internet users. Experts note that about 5 percent of all recipients respond to phishing exploits. Industry experts state that about 95 percent of all phishing exploits originate from a spoofed (forged) Internet address. About five new phishing exploits are reported each month. This is how it works:

The bait: You receive an e-mail message from your bank stating that, due to a security break-in, they need to verify your password and ID number.

The hook: You follow the link to the phisher's Web page. The spoofed Web page has a similar URL and looks just like the page you usually use.

Reeling you in: A pop-up appears, requesting that you sign on using your personal password and user ID. The pop-up is often a dead giveaway that something is wrong. It's important to report suspicious activity to the FTC. Another way to check whether something is wrong, in case a pop-up doesn't appear, is to compare the current URL to the URL you usually use. If the URLs are different, you're being scammed. If you get spam that is phishing for information and you want to help stop this type of activity, forward it to spam@uce.gov.
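The URL comparison described above can be done mechanically. The following is an added example, not part of the original article: it compares only the host names of a link and of the address you usually use, and says why a different host may still look familiar. The function names, the `.example` host names and the 203.0.113.7 address are constructed for illustration.

```python
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(link: str, usual_url: str) -> str:
    """Compare the host a link really leads to with the host you usually use."""
    usual = urlsplit(usual_url).hostname
    if not usual:
        raise ValueError("usual_url must include a scheme and host")
    parts = urlsplit(link)
    # .hostname is lowercased, with any 'user@' prefix and ':port' removed
    host = parts.hostname or ""
    if host == usual:
        return "same host"
    # Text before '@' is a user name, not the site; it can imitate the real name
    if parts.username and usual in parts.username.lower():
        return "DIFFERENT: usual name appears before '@', real host is " + host
    # The usual name buried inside a longer host belongs to someone else
    if usual in host:
        return "DIFFERENT: usual name is only a part of " + host
    # One or two changed characters are easy to miss by eye
    if edit_distance(host, usual) <= 2:
        return "DIFFERENT: " + host + " is within two characters of " + usual
    return "DIFFERENT: unrelated host " + host

if __name__ == "__main__":
    usual = "https://www.mybank.example/"          # constructed sample data
    for link in [
        "https://www.mybank.example/login",
        "http://www.mybank.example@203.0.113.7/login",
        "http://www.mybank.example.secure-login.example/",
        "http://www.mybamk.example/login",
    ]:
        print(link, "->", check_link(link, usual))
```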

Nigerian e-mail letter investment scam: Over the last 18 months, I have received 147 variations (that's almost three e-mail messages a month) of the Nigerian investment scam. I call these e-mail messages Nigerian, but recently many of these bogus business opportunities or advance fee scams have originated from Iraq, Zimbabwe, London, Hong Kong, and South Africa.

Often, these e-mail messages promise that I'll receive millions in return for helping a VIP collect money trapped in a Central Bank. The plea for help assures me that the investment is 100-percent safe. Each version of the e-mail appeal is slightly different, but the scam remains the same: I'm guaranteed 20 percent of all recovered funds. In some instances, the fraudster will ask for enormous amounts of money for fees, taxes, traveling expenses, and so on. I'm then asked to provide the name, address, and account number of my bank. For those investors who fall for the scam, the con artist uses this information to rob the investors' accounts. See the Federal Trade Commission's Consumer Web site located at www.ftc.gov/bcp/conline/pubs/alerts/nigeralrt.htm, which offers a short history and details about this scam. If you're interested in more information about these scams, including copies of some of the initial letters and the extensive official documents that are sent to victims, download the Nigerian Advance Fee Fraud report from the U.S. State Department (www.state.gov/www/regions/africa/naffpub.pdf). You need to download Acrobat Reader from www.adobe.com to view the PDF file (if you haven't already downloaded and installed the free program).
