Protect Yourself Against “Phishing” and “Spoofing”

The FBI, Federal Trade Commission, and EarthLink have jointly issued a warning on how growing ranks of internet crooks are using tricks called “phishing” and “spoofing” to steal your identity. In an FBI press release, Assistant Director of the Cyber Division, Jana Monroe says.

Bogus e-mails that try to trick customers into giving their personal information are the hottest, most troubling and new scam on the Internet.

It’s the same old story with a new twist. When I was on-the-job working as a professional jewel thief, I used fraud and deception to pull of a successful burglary. I never appeared to be who and what I really was. People don’t expect a burglar to be dressed in a tennis outfit, one of my favorite ways of dressing when in Florida. The same concept goes for this new breed of Internet crooks. Receiving unsolicited e-mails directing you or re-directing you to a phony customer-service-type website is one of their most successful techniques. That particular scam is one reason for the rise in identity theft, credit card fraud and other Internet frauds. It reminds me of “bait and switch” scams that have been around forever and are used to trick consumers into buying products they don’t want or need.

Here are a list of terms used to get all your personal, financial and confidential information:

1. Spoofing and phishing frauds attempt to make Internet users believe they are being contacted from a trusted source when that is not the case. These methods are used to convince people to provide personal or financial information that enables the scammers to commit credit card/bank fraud or other forms of identity theft.
2. E-mail spoofing makes the header of an e-mail appear to have originated from someone or somewhere other than the actual source. Criminals use spoofing in an attempt to get recipients to open and possibly respond to their solicitations.
3. IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends a message with an IP address indicating that the message is coming from a trusted source.


Don't fall for scams like this! (thanks to contributor Bethan Tuttle for the pic)

4. Link alteration involves altering the return address in a web page sent to a consumer to make it go to the hacker’s site rather than the legitimate site. This is accomplished by adding the hackers address before the actual address in any e-mail or page that has request going back to the original site. If you receive a spoofed e-mail requesting “click here to update” your account information and then is re-directed to a site that looks exactly like their Internet Service Provider, or a commercial site like EBay or Pay Pal, there is a chance that you might follow through in submitting your personal and/or credit information. Of course you don’t want to do that.

Tips to protect yourself:

1. If you receive an unsolicited e-mail that asks for, either directly, or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers—exercise extreme caution!
2. When updating information online, use the normal process you’ve used before, or open a new browser window and type in the website address of the legitimate company’s account maintenance page.
3. If a website address is unfamiliar, its probably not real. Only use the address you have used before. Or start at your normal homepage.
4. Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and “https” in front of the website address—indicating that the site is secure.
5. Always report fraudulent or suspicious e-mail to your ISP.
6. Most legitimate sites will have a short internet address that usually depicts the business name followed by “.com”, or possibly “.org.” Spoof sites are more likely to have an excessively long string of characters in the header with the legitimate business name somewhere in the string or possibly not at all.
7. If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable website’s URL address, send it the legitimate company and ask if the request is legitimate.
8. If you’ve been victimized you should contact your local police and file a complaint with the FBI’s Internet Fraud Complaint Center.

Over the years I’ve discovered criminals use the same scams over and over again with a slightly different/new concept to try and overcome the latest changes/advances in crime-prevention and newly developed technology. However, honest, ethical and caring people always outsmart the low-life’s who think they have invented the perfect scam. Our prisons are overflowing with these creeps who, in reality, have only invented the perfect way to get to prison.

Stay Safe.

George Feder is a former master jewel thief and former America’s Most Wanted Correspondent. Visit GeorgeFeder.com or follow him on Twitter (@GeorgeFeder) to go inside the criminal mind and get tips on how you can stay safe.

Search your neighborhood crime map at CrimeReports.com

Tagged as: crime prevention, George Feder, identity theft, internet, Internet Crime, internet safety, online safety, phishing, spoofing, technology