Laws on Phishing

If you believe you've been scammed, file your complaint with the FTC, and then visit the FTC's Identity Theft website at ftc.gov/idtheft. Victims of phishing can become victims of identity theft.



In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is essentially an online con game and phishers are nothing more than tech-savvy con artists and identify thieves. They use SPAM, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card accounts. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. Recent victims include Charlotte's Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft.

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group (APWG) has compiled the Phishing Activity Trend Report and a list of recommendations below that you can use to avoid becoming a victim of these scams.


Phishing Activity Trends Report, 1st half / 2009

The number of unique phishing websites detected in June rose to 49,084, the second-highest number recorded since APWG began reporting this measurement.


Recommendations:

Be suspicious of any email with urgent requests for personal financial information unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediatelythey typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure. Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser. Avoid filling out forms in email messages that ask for personal financial informati