Protect yourself: Holidays are prime time for phishing scams

ByABC News
November 22, 2011, 8:10 PM

— -- As the holiday shopping season revs up, an increasing number of cybercriminals are trying to lure online shoppers into divulging sensitive information on bogus forms, or into clicking on viral Web links or videos that will infect your PC with a nasty data-stealing program.

So-called "phishing" plays on people's fears and expectations. Phishing always spikes with holiday shopping, celebrity scandals, weather disasters and big sporting events. Here are some tips from experts on how to protect yourself. Be on high alert for:

•Bogus forms. E-mails and pop-up messages that ask you to type your account username and password, credit card number or personal information such as Social Security number and date of birth are usually bogus. "Be very skeptical when opening e-mails," says Daniel Salsburg, assistant director of the Federal Trade Commission's division of marketing practices. Legit organizations never solicit such information in an e-mail.

Don't reply. Instead, independently find the organization's phone number and call to verify the request. Never use a phone number listed in the potentially malicious e-mail.

•Personalized warnings. Phishers will suggest urgent action that needs to be addressed in connection with an IRS, Social Security or Department of Motor Vehicles matter. The scammer may even use private information culled from a simple online search or from a social network to get you to submit information or click on a viral Web link, Salsburg says.

Some scammers do research on jobs websites to target the unemployed with bogus work-at-home schemes, says Peter Cassidy, secretary general for the non-profit Anti-Phishing Working Group. "The bad guys see opportunities to feast on the people who are looking for work," Cassidy says.

•Innocent messages. An e-mail from a co-worker that says to open a file to see vacation or baby pictures could be a threat. The most effective phishing scams are the ones consumers least expect. "Everyone has to be suspect," Cassidy says. "Take nothing for granted."

Scammers make up cyberpersonalities and gain people's trust over time. Then they say they need help and ask victims to wire them money, he says.

In addition to being wary of attacks, you should think about data you can access at work — information that might be valuable to criminals. Be circumspect about online relationships. Holding a position of power or influence can put you at a higher risk of being targeted.

But even those who don't think they have power could be attractive targets for scammers. "Don't consider yourself too small to care about," Cassidy says.

Slow down. Don't automatically click on every link you get in your inbox. Navigate to the site's homepage and "don't wander aimlessly into websites," he says. "Direct your path through the Web."

Anti-virus protection and updated software and browsers are also important to protect private information from phishing, Cassidy says.

Report scams

The Federal Trade Commission collects the e-mails for research about spam trends and puts them into a database made available to law enforcement agencies, says the FTC's Daniel Salsburg.

The FTC also builds cases against scammers by using e-mails sent in by consumers. This year, the FTC got a court order banning a man from sending mass text messages and e-mails that deceptively advertised home loan modifications. "It was made possible because of the volume of e-mails consumers had sent to us," Salsburg says.

Forward phishing e-mails to:

•Federal Trade Commission at spam@uce.gov

•Anti-Phishing Working Group at reportphishing@antiphishing.org

•The company, bank or other organization that the e-mail impersonated.

File a complaint with:

•FBI's Internet Crime Complaint Center at www.ic3.gov/

For more information about phishing, go to OnGuardOnline.gov, a partnership of 15 government agencies that aims to protect Internet users.