1. News & Issues

'Spoofing' and 'Phishing' and Stealing Identities

FBI warns of latest expensive Internet traps and tricks

By

The FBI, Federal Trade Commission (FTC) and Earthlink have jointly issued a warning on how the growing ranks of Internet crooks are using new tricks called "phishing" and "spoofing" to steal your identity.

In an FBI press release, Assistant Director of the agency's Cyber Division, Jana Monroe says, "Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet.

The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony "Customer Service" type of web site. Assistant Director Monroe said that the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.

"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case. Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.

In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.

"IP Spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.

"Link alteration" involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail requesting him/her to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet Service Provider, or a commercial site like EBay or PayPal, there is an increasing chance that the individual will follow through in submitting their personal and/or credit information.

FBI Offers Tips on How to Protect Yourself

  • If you encounter an unsolicited e-mail that asks you, either directly, or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.

  • If you need to update your information online, use the normal process you've used before, or open a new browser window and type in the website address of the legitimate company's account maintenance page.

  • If a website address is unfamiliar, it's probably not real. Only use the address that you have used before, or start at your normal homepage.

  • Always report fraudulent or suspicious e-mail to your ISP.

  • Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.

  • Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long strong of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.

  • If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is legitimate.

  • If you've been victimized, you should contact your local police or sheriff's department, and file a complaint with the FBI's Internet Fraud Complaint Center at http://www.IFCCFBI.gov.
  • ©2014 About.com. All rights reserved.