Mellody Hobson: Go Phish

Jan. 11, 2004 -- Unfortunately, along with the outpouring of financial support for the tsunami victims in Southeast Asia, there has been an increase in the computer scam known as "phishing." Also called spoofing, phishing is one of the latest threats to the security of your personal information. So-called "phishers" send fake e-mails to consumers, posing as financial institutions, Internet service providers, online bill payment vendors, retailers and even charities, such as the American Red Cross.

A typical phishing scam occurs when an unsuspecting recipient receives an e-mail directing them to a phony Web site where they are asked to verify or update their account information by re-entering pertinent information, such as their Social Security number, credit card number, account username or password. This information is then stolen by scammers and often results in credit card fraud and identity theft, not to mention millions of dollars in losses. In fact, in the past two years, consumers have lost anywhere from $150 million to $500 million from phishing-related activities.

What's in a Name?

The term "phishing" is an analogy for criminals who "fish" around for people's personal information, using fake e-mails as the bait. "Ph" commonly replaces the letter "f" in hacker language and reflects the original type of telephone hacking called "phreaking," which occurred in the 1970s. Phishing first appeared in 1996 when Internet scammers began stealing people's AOL passwords to use their accounts. Since then, it has developed into a much larger phenomenon, with phishers posing as representatives from a wide range of industries and organizations. A prominent example of the scam occurred during the 2003 holiday season when Visa was a major target.

A Growing Trend

A June 2004 study by the Gartner Group estimated that 57 million consumers in the United States received a phishing e-mail in the previous 12 months, and the 11 million who responded to these e-mails became victims of identity theft. Unfortunately, with the increasing prevalence of phishing, this number is bound to rise. According to the Anti-Phishing Working Group, there were 8,459 new phishing e-mail messages in November 2004 alone, representing an increase of 34 percent since July 2004. Worldwide, the United States has been the most affected by this scam, hosting 27 percent of the phishing Web sites. However, the number of phishing sites in China has grown significantly in recent months, with the country hosting 21 percent of all sites. While many industries are targeted, the financial services sector has been most affected, representing 75 percent of hijacked brands in November.

Protect Yourself

With phishers becoming more and more sophisticated, it is becoming more and more difficult to police these scams, so consumers need to be ever more vigilant. That said, you should always be cautious when an e-mail requests personal information, even if the sender appears to be from an institution with which you do business. Most phishers use language that makes action on your part sound urgent and necessary, and may even include a company logo in their e-mails to you. However, fake e-mail messages are usually not personalized for you, whereas valid messages will be. Additionally, keep in mind that most legitimate companies do not send e-mails requesting your personal information.

Other important tips to consider include:

Do not use Web links in a suspicious e-mail to access a Web page. Instead, call the company or type the main Web address directly into your browser.

Do not disclose personal information online unless it is over a secure connection. You know the connection to a Web site is secure if its address begins with https:// rather than http://.

Download a free Web browser toolbar that will alert you if you try to access a known phishing Web site. The Anti-Phishing Working Group recommends Earthlink's ScamBlocker, which can be downloaded for free at http://www.earthlink.net/earthlinktoolbar.

Check your credit card and bank statements and other online accounts regularly to ensure there are no discrepancies.

Make sure your computer has the most up-to-date security patches.

If you receive phishing e-mails, forward the entire message, header included, to the following places:

Anti-Phishing Working Group: reportphishing@antiphishing.com

Federal Trade Commission: spam@uce.gov

Additionally, you should file a complaint with the Internet Fraud Complaint Center of the FBI (www.ifccfbi.gov) and notify the company that has been victimized.

If you realize you have provided your personal financial information to an illegitimate source:

Alert your credit card company and bank immediately.

Cancel your current account(s) and open a new one.

Report any incidents of identity theft to the three major credit reporting agencies -- TransUnion, Experian and Equifax.

Contact the Social Security Office, Department of Motor Vehicles or passport office, as necessary.

File a police report.

For online shopping accounts, try to change your password and undo damage.

Mellody Hobson, president of Ariel Capital Management (arielmutualfunds.com) in Chicago, is "Good Morning America's" personal finance expert. Ariel associates Matthew Yale and Aimee Daley contributed to this report.