The Bad Guys Are Phishing For Your Personal Information
by Tim Knox
Copyright © 2005
Do you know what "phishing" is? No, it doesn't mean you grab a phishinï¿½ pole and head to the nearest phishinï¿½ hole to catch some phish.
Phishing has a much more sinister connotation. The official Webopedia definition of "phishing" is as follows: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the userï¿½s information.
Phishers are also on the prowl for your business information. Your business credit card number, for instance, is like gold to a phisher. Same for your bank account number, lines of credit information, financial data, purchase order numbers, etc.
Phishers prey on ignorance, fear, and emotion. They also play the numbers game. The more bait they email out, the more phish they'll catch. By spamming large numbers of people, the "phisher" counts on his email being read and believed by a percentage of people who will volunteer their personal and credit card information.
One group that is constantly baited by phishers is the eBay community, i.e. the tens of millions of people worldwide with eBay accounts. Thereï¿½s not a day that goes by that I donï¿½t receive an email supposedly from eBay asking me to update my account information. I know better than to fall for this scam, but I have to admit, the latest scam email is pretty convincing. Even this old Powerseller did a double-take before realizing that the phishers were at it again.
The sender of this email is listed as: eBay Member and the email subject line reads: Question from eBay Member. The email begins: "Question from eBay Member -- Respond Now. eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will not reach the eBay member. Use the Respond Now button below to respond to this message."
The email then takes on a threatening tone. It reads: "Question from rivernick: I'm still waiting payment for my item for about 7 days. What happened? Please mail me ASAP or I will report you to eBay."
The recipient is then prompted to respond to this rather disturbing email by clicking a "Respond Now." button.
Listen to me: DON'T TOUCH THAT BUTTON! Of course the email was NOT sent by an eBay member or sent via eBay's messaging system, as it appears. Doing so will take you to a website designed to look like eBay where you will be prompted to login using your eBay user name and password.
Once you pass this point you will be asked to update your account information before proceeding. Unknowing souls will offer not only their eBay password, but personal and credit card information, as well, without even knowing that they are about to have their identity stolen.
The one thing that makes this scam so effective is the threat by the supposed eBay member to "report you to eBay."
The email preys on the fear of most eBay members that they are in danger of receiving negative feedback. Many eBayers would rather have you cut off a pinky than leave them negative feedback. It is this emotion that the new phishers are hoping to hook and I expect it is working well.
The phisher is betting that most people will either be horrified by the threat of being wrongly reported to eBay or they will be ticked off that some jerk is threatening them by mistake. Either way the phisher is counting on a percentage of people to have a knee-jerk reaction and login to the phisherï¿½s fake eBay website to clear matters up.
I've never seen statistics on the percentage of people who take the bait after receiving phishing emails, but if a phisher gets a mere 1% of recipients to turn over their personal information, he will consider his phishing expedition a success.
I've warned you about these phishing scams before, but let's review it one more time.
NEVER reply directly to an email that appears to have come from eBay, Paypal, Amazon, or anyone else asking you to click a link in the email to update your account information. If there is any doubt in your mind whether or not the email is really from eBay, for example, open a browser and type in the URL http://www.ebay.com. NEVER click a link within the email to respond.
NEVER believe that an email supposedly from another eBay member is for real. Again, do not click an email link to reply. Open a browser and go to eBay directly and log in. If the email was from a real member, there will be a record of the inquiry in your My eBay account.
You must be aware that there are bad guys out there who do nothing but spend time trying to come up with new and innovative ways to steal your personal and business information.
Be paranoid. Be aware. But don't be fooled.
The phishers will cast their line, but you do not have to take the bait.
Here's to your success,
Do you have a question about small business?Submit your question to Tim and if he answers it on this website or in the Small Business Q&A; Newsletter you will win a FREE ebook of your choosing from Tim's extensive library!