Recognizing and Avoiding Phishing Attacks
Typically, phishing involves an email purporting to be from some legitimate agency, like a bank, investment firm, lottery commission, or the IRS. These emails will request information, often directing the user to a bogus web site. Such sites in turn will resemble the agencies’ real web sites. That’s why it is important not to follow links embedded in emails unless you’re sure of the identity of the sender. The crooks use the information gathered this way to access (and empty) victims’ accounts or steal their identity.
Recognizing and avoiding phishing attacks is getting tougher all the time. The scammers are adopting crimeware kits that make it easier than ever to generate focused, targeted phishing attacks, including the emails and the bogus websites. The much-publicized ‘Zeus’ crimeware kit is one example; it uses infected computers to spread more phishing attacks, viruses, and other malware.
Report Phishing to the Organization Named in the Email
Most banks, online merchants, and many government organizations offer specific ways to report the fraudulent use of their names. They will usually instruct users to forward any suspicious emails to specific accounts. They will examine the emails, and use the information to help protect their users or customers. Sometimes they will report their analysis back to the persons reporting the emails, but not always. Some examples of specific email addresses for reporting phishing follow.
PAYPAL: forward fraudulent emails claiming to be from PayPal to firstname.lastname@example.org. If you find (or are directed to) a site that says it is a PayPal site, but you have doubts, report the fake PayPal site here.
EBAY: forward suspected phishing emails to email@example.com.
Bank of America: forward suspicious emails to firstname.lastname@example.org.
IRS: Any suspicious emails should be forwarded to email@example.com.
Most agencies have similar addresses for reporting phishing and other types of Internet fraud. To find them visit their web sites (do not follow links in suspected emails). On their sites, you can usually search for ‘reporting fraud,’ ‘reporting phishing,’ or something similar. You can also check their ‘contact us’ links available on most pages, to see if they list a contact for reporting fraud.
Report Phishing to Law Enforcement and Government Agencies
Aside from reporting phishing attacks to the various organizations whose names the scammers are using illegally, Internet fraud should be reported to one or more government agencies. They use the reports for research, law enforcement, and for educating the public on avoiding the scams.
In the United States, forward phishing attempts and fraudulent (spoofed) web sites to firstname.lastname@example.org. If you suspect that you have been a victim of Internet crime, including falling for a phishing attack, please report it to the Internet Crime Complaint Center (IC3). This is a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance. They will evaluate the complaint and forward it to the correct federal, state, local, and/or international enforcement agencies. Victims should also call the FTC’s identity theft hotline toll-free at 1 (877) IDTHEFT, whose counselors are trained to help victims and take their complaints.
In the United Kingdom, scams can be reported to Consumer Direct. They collect information useful for warning others, and will forward information to the Office of Fair Trading, who may take enforcement action. For other reporting agencies, please see Consumer Fraud Reporting’s UK page.
Finally, Consumer Fraud Reporting also has a listing of government fraud centers around the world (scroll to the bottom of the page).
Final Tips on Phishing and Spam
Remember, these days almost no reputable financial institution, retailer, or government agency will ask you for sensitive information like credit card numbers or account passwords in an email. Emails directing you to a web site to input such information should also be suspect. The only thing keeping spammers and scammers going is the fact that enough people click the link, follow the directions, or buy the product to make it worth sending out millions of junk emails every day. Fight back. Don’t fall for it, report it!