Phishing in its "classic" variant is relatively well-known. Actually, 43.4 % of adults have already been contacted by phishers, says the survey released on May, 17 by First Data Corp.
Despite the sad fact that about 5% of phishing attempts are successful for fraudsters, PC users are getting more cautious about bogus e-mails asking for personal and/or financial information.
As public awareness of phishing methods grows, phishers are inventing new tactics in an attempt to delude people.
Yet Another Phishing Scheme: Don't Fax Back, Please
On August 10, 2005 experts from SophosLabs warned us users about a new phishing trick. No bogus websites this time: phishers were trying to make people to send their credit card information… by fax.
The emails claim to be from Paypal, the payment system used by the popular Ebay auction website. They tell a user that a security breach has occurred - someone tried to reset his password. Rather clichéd, isn't it? Lots of phishers follow this pattern.
The difference is that no bogus online forms are involved. The email urges the user to download the form (Microsoft Word document), fill it and send by fax.
The online form is hosted on a Polish server. The fields to fill in include: credit card details used in the Paypal account (name on the credit card, its number, type, expiration date), as well as email address on Paypal account with password, post address and phone numbers.
With such a lot of personal identifying information it won't be difficult for a fraudster to pose as this person and commit a bunch of crimes, from cleaning all money from the account to setting deals under the victim's name.
One hasn't to be a genius to guess what people this scam is aimed at. Having heard and read about bogus phishing websites, users are getting suspicious about filling forms online. They might think that faxing personal details is safer -- and make a very costly mistake. Phishers take advantage of our carelessness and credulity.
eBay Scheme - Specially for Kind-Hearted
This scam is even more brazen, because it exploits people's generosity and kindness. Giving a helping hand to an elderly woman – what can be more natural for any human being?
Emails come ostensibly from Greta, a wheelchair-bound woman of 89. This lady can't find a particular auction, so she "asks you for help".
When some Good Samaritan, willing to assist her, clicks the link in the email, he or she is directed to a bogus eBay site, then, unaware of the deceit, clicks the 'respond now' button and logs on. User names and passwords, obtained this way, most likely will be used to set up deals on eBay under names of other people.
The only way to prevent such scams is stop being credulous and careless. Don't uncritically believe everything you read about -- especially in emails from people you don't know personally.
Don't give out your personal information before verifying where it goes to and whether the claim is genuine.
Whatever the means of providing information -- phone, fax, snail mail or email -- if you hand out certain information, you lose it.
Spam remains one of the favorite tools for identity thieves of all stripes. Never responding, never clicking links within fraudulent spam messages, or, even better, deleting them straight away should become a habit, like washing hands or cleaning teeth.