(Phoenix, AZ) Attorney General Terry Goddard today advised Arizona residents to beware of a variety of cyber scams called "phishing" and "pharming."
"ID thieves are becoming more sophisticated in their schemes," Goddard said. "It is important for Arizonans to understand these scams and protect themselves when using the Internet."
Phishing - What is it and how does it work?
"Phishing" refers to the practice of sending unsolicited e-mails to individuals for the purpose of identity theft.
"Phishing" utilizes an official-looking e-mail, pretending to be from a bank, financial institution, or other commercial business, warning that your account was either "compromised," that existing account information needs to be "updated," or that you password has been changed.
The email will have a tone of urgency for a response and the consumer will be told to:
- Reply directly with personal information (such as name, credit card numbers, passwords or PIN numbers, Social Security numbers, addresses, and phone numbers);
- Click onto an Internet link that opens a look-alike website that asks you to type in the information and hit enter; or
- Call a bogus phone number that uses a recording or a live "customer representative" to dupe you into handing over your information.
Until recently, phishing e-mails have largely targeted individual consumers. New methods are now targeting businesses and their employees as well. Scammers will obtain an employee's e-mail address and send the employee an e-mail pretending to be from the company's computer network administrator or human resources department. The employee is asked to reply with personnel information or user logins and passwords, or is directed to click a link into a look-alike phony Internet website.
How can I protect myself?
- Be suspicious! Remember that no legitimate business will ever ask you to relay your personal information in such a manner.
- Never reply or click on provided links, and don't use any contact phone numbers provided in the e-mail. Never log in or enter private information in a pop-up window.
- Do not use the unsubscribe feature of an email because scammers use this feature to verify your email address is valid, active, and that the person reading it may be unaware that it is actually an attempt at identity theft.
- File a complaint with the Internet Fraud Complaint Center (a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center). The complaint can be registered at http://www.ic3.gov/default.aspx.
If you have any questions or concerns over the status of your real financial account or employment personnel information, call the company directly by using a telephone number from a reliable source (phone book or directory assistance, monthly statement, etc.).
Pharming - What is it and how does it work?
"Pharming" involves technology that redirects an Internet user unknowingly to a counterfeit website, and is rarely used because it requires planting software in the user's own computer or on a server that directs traffic to the Internet. This technique works one of two ways:
- By downloading a file on an individual's personal computer that modifies the Internet browser's address bar, leading a unknowing user to type in what is desired as a "valid" address ("URL"), when in fact they are being redirected to the criminals' Web sites;
- By covertly modifying a DNS server (a system that translates domain names into IP addresses) in such a way that everyone who uses that server and types in what seems like a valid URL will instead be taken to the criminal's website site.
"Pharming" is all about access. In order for this to work, a scammer needs to have actual or remote access to a target personal computer or server in order to install their program. This can also be accomplished if a victim inadvertently opens an e-mail attachment that contains a virus known as a "Trojan Horse."
How can I protect myself?
- Be suspicious!
- Never open an unsolicited or unexpected e-mail attachment from someone that you don't know. Even if it comes from someone you know and trust, make sure that the sender actually meant to send it to you. Even then, scan it with up-to-date anti-virus software before opening it.
- Install, use and update effective anti-virus software. Know how to use it and its limitations.
Some software companies offer free anti-virus software. Research the company and the software offered to ensure it will work on your computer.
- Check with your operating system company (Microsoft, MacIntosh/Apple) to determine if they offer free anti-virus and firewall protection.
- Apply system updates and security-related patches to your PC from a trusted source as they become available. If you use Microsoft products, you can find more information at https://technet.microsoft.com/en-us/security/default.aspx.
- For Apple and Mac download products, you can go to http://www.apple.com/downloads/.
- Don't leave your computer unattended for any period of time without logging off. Someone who is alone with your computer can run programs in such a way that software protections on your computer will not be able to prevent it.
Preserve your privacy:
- Never use the "unsubscribe" feature in spam emails or reply to any spam e-mails. All you do is confirm the validity of your email address.
- Keep your login and password information secret. Also, never select any option on web browsers to store or automatically remember your user names, passwords, or other sensitive information.
- Never disclose your personal, financial, or credit card information on any public or multiple-use computer.
If you believe that you may have been a victim of any Internet fraud, you may post a complaint with the anti-phishing group called Digital PhishNet, a joint enforcement effort between private industry and law enforcement agencies such as the FBI, the U.S. Secret Service and the U.S. Postal Inspection Service. The complaint can be registered at http://www.ic3.gov/default.aspx.
For more information on this and other important consumer topics, please visit the Attorney General's Website at www.azag.gov.