NEW: Beware Vishing Scams

There's a new scam on the block, dubbed Vishing.

Vishing mimics phishing by trying to trap you into divulging your account numbers. But instead of being phished in an email message, you may receive a telephone call from an automated random dialer and the voice on the other end of the line may tell you your credit card has been used illegally. You are then asked to dial a fake 1.800 number with another voice that asks you to confirm your account details.

If you give the information, you can count on your accounts being drained.

One recent attack imitated PayPal. The fraudulent message urged victims to call a California based phone number to update credit card account information "to prevent any fraudulent activity from occurring". The number was traced to an Internet-phone service and shut down.

If you get an email message asking you to call a toll-free number to verify account information, delete the email. Never provide personal information or account information based on an email request.

Protect Yourself from "Phishing Scams"

"Phishing" is an email scam that attempts to trick consumers into revealing personal information--
such as their credit or debit account numbers, checking account information, Social Security
numbers, or banking account passwords--through fake Web sites or in a reply email. Typically the emails and Web sites use familiar logos and slick graphics to deceive consumers into thinking the sender or Web site owner is government agency or a company they know. Sometimes the phisher urges intended victims to "confirm" account information that has been "stolen" or "lost". Other times the phisher entices victims to reveal personal information by telling them they have won a special prize or earned an exciting reward.

Phishing scams are among the fastest growing forms of fraud on the Internet. According to the Anti-Phishing Working Group, phishing scams grew by 52 percent from December 2003 to January 2004. Do not trust or act upon unsolicited emails that request personal information such as passwords, credit card numbers, ATM PINs, social security numbers, etc.

How Phishing Works:

In a typical case, you will receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal institution regulatory agencies.

The e-mail will probably warn you of a serious problem that requires your "Immediate Attention Required" or "Please Contact Us Immediately About Your Account". The e-mail will then encourage you to click on a button to go to the institution's Web site.

In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual Web site. In those cases, a pop up window will quickly appear for the purpose of harvesting your financial information.

In either case, you may be asked to update your account information or to provide information for verification purposes: you Social Security Number, your account number, your password or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth.

If you provide the required information, you may find yourself the victim of identity theft.

How to protect yourself:

1. Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.

2. If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Web sites on the monthly statements you receive from your financial institution, or you can use the phone book or Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.

3. Never provide your password over the phone or in response to an unsolicited Internet request. A financial insitution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.

4. Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electyronic account access, periodically review activity online to catch suspicious activity.

What to do if You Fall Victim:

Contact your financial institution immediately and alert it to the situation.

If you have disclosed sensitive information in a phishing attack, you should also contact the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name.

Equifax: (800) 525.6285 www.equifax.com
Experian: (888) EXPERIAN www.experian.com
TransUnion: (800) 680.7289 www.transunion.com

Report all suspicious contact to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft or by calling (877).IDTHEFT.

Latest Phishing Scams

• Citibank
• Smith Barney
• SunTrust
• LaSalle Bank
• PayPal
• NCUA (National Credit Union Administration)
• FDIC (Federal Deposit Insurance Corporation)
• CUNA (Credit Union National Association)
• Bank of the West (E-BAY)

Pharming: The next generation of web theft

Pharming is the newest technique used by criminals to steal personal and financial information. It is similar to "phishing" except the information is collected without the link in an e-mail. Instead, when you type in a URL from a bogus email, you are redirected to a fraudulent website. Criminals can either pretend to be the domain owner and have the company's name redirected to their servers or, more commonly, a virus or piece of spyware could redirect you to a hoax site.

Either way, the ultimate pupose is to steal information such a passwords, PIN codes, logons and other private data.

How to Avoid Pharming

The virus-based method of pharming is stopped by maintaining up-to-date antivirus, antispyware, and firewalls on your computer. This will greatly reduce the possibility that a virus will redirect you to the malicious Web site.

Additionally, be careful when entering sensitive information on a Web site. Look for the lock or key icon at the bottom of the browser. If the site has changed since your last visit, be suspicious. When in doubt, do not use the Web site.