CBC In Depth
IN DEPTH: BEGINNER'S GUIDE TO COMPUTER SECURITY
Protecting your personal information
CBC News Online | Feb. 18, 2005

PHISHING | »SHOPPING ONLINE | »SPYWARE | »COOKIES | »WIRELESS NETWORKS

Avoiding the phishers


"The vandals are becoming fraudsters and electronic pickpockets."
Identity thieves are using more sophisticated methods to get consumers to divulge their personal and confidential information.

Bill Rosenkrantz, group product manager for internet security firm Symantec, says that in the last seven years, the internet has gone from an information source to an ATM: "Thirty-five to 40 per cent in the U.S. use the internet for financial transactions."

"Historically, hackers and virus writers would attack systems for ego's sake. But now it's financial," according to Rosenkrantz. "The vandals are becoming fraudsters and electronic pickpockets."

The past year has seen the rise of "spoofing" and "phishing," and of the number of home users falling victim to these online scams.

Phishing is fraudulent e-mail that tries to dupe recipients into providing their personal and financial information, such as credit card numbers or online banking passwords.

It works this way: By "spoofing" e-mails, phishing attacks make it appear as if the messages comes from a legitimate organization that a home user may have dealt with, such as a bank or a credit card company. The e-mail may request account details for "urgent security reasons." The message may also point the recipient to a "spoofed" website that resembles the real financial site.

Phishers are able to get up to five per cent of recipients to reply, according to the Anti-Phishing Working Group, an industry association that monitors phishing scams worldwide. The organization points out that the most targeted industry for phishing attacks is financial services.

In 2004, for the month of December alone, the organization reported 9,019 new phishing e-mail messages, and 1,707 active phishing sites with 55 brand names hijacked.

Highlights of the 2004 phishing survey
  • Only 16 per cent of Canadians with a personal e-mail account and internet access were familiar with the term phishing.


  • Once the term "phishing" was explained, 31 per cent noted they had received at least one request for personal information that they believed to be fraudulent.


  • Four per cent reported that they'd been a victim of phishing and had revealed private information.


  • Only 51 per cent said they would report future phishing attempts.


  • 66 per cent said they were concerned about phishing.


    • Source: Visa Canada
The rise of online fraud brought the RCMP, the Competition Bureau and Visa Canada together to launch a consumer awareness campaign in November 2004. According to the Visa survey of 1,200 Canadians, the majority of respondents with an e-mail address and internet access have never heard of "phishing," despite increased reports of phishing incidents. If their bank or credit card company requested personal information via e-mail, nearly 60 per cent of those surveyed admitted they would likely supply that information.

How to avoid getting "phished" in
  • Don't respond to e-mails requesting your personal information.
    • Legitimate companies do not ask their customers for confidential information, such as passwords and account numbers, in an e-mail.

    Bad spelling and grammar are giveaways that an e-mail isn't from a reputable company, says the RCMP's Cpl. Danis Lafond. Phishers will often make an urgent claim such as "your account will be closed" or use other attention-grabbing messages in an attempt to get you to reply quickly.

    If in doubt, phone the business in question. Use a phone number that you've obtained from a reliable source, and not from the suspect e-mail.

    Don't open attachments or download files. Phishers can use these to infect your computer with a virus or spyware.

  • Don't click on links inside e-mails.
    • If you're uncertain about a website address that appears in an e-mail, go to your browser and enter the legitimate address manually. Phishers can use links to point recipients to a "spoofed" site, using an address similar to a real bank's URL.

  • Protect your computer.
    • Use updated anti-virus software, load the latest security patches for your operating system and browser, and install a firewall to help protect your system from unwanted attention. Anti-spam software can help stop phishing e-mails from getting into your inbox.

  • Report suspicious e-mails.
    • Notify the legitimate company if you receive any e-mails that you think might be fraudulent. If you think you've been reeled in by phishers, and provided confidential information, contact the companies that hold those personal accounts as well as the police department, says Cpl. Lafond. You can also file a report with reportphishing@antiphishing.org. Review your credit card and bank statements every month to check for errors or unauthorized transactions.


NEXT: SHOPPING ONLINE

^TOP
MENU

MAIN PAGE TOP TIPS SAFE PRACTICES
PROTECT PERSONAL INFO: AVOID THE PHISHERS SHOPPING ONLINE SPYWARE WHAT'S IN A COOKIE? GOING WIRELESS
PROTECT YOUR INBOX: STOP SPAM
KIDS ONLINE: SAFETY TIPS
SECURITY ISSUES: BIOMETRICS GOVERNMENT'S ROLE
GLOSSARY: INTERNET SPEAK
INTERACTIVES: TAKE OUR SECURITY QUIZ ASK THE EXPERTS
RESOURCES

CREDITS

RELATED CBC
BACKGROUNDERS:
Phishing for fraud
EXTERNAL LINKS:
CBC does not endorse and is not responsible for the content of external sites. Links will open in new window.

Anti-Phishing Working Group

Visa Canada: Phishing scams

Phone Busters: Canadian anti-fraud call centre

RCMP: Internet security

More links on the Resources section
MORE:
Print this page

Send a comment

Indepth Index