Identity Theft FAQ for Canadians


What is Phishing

Phishing is a term that describes fraudulent activities carried out with the aim of stealing personal information. Scammers send fake notifications from e-pay systems, government agencies, and financial institutions. They use phishing websites to steal account data, passwords, credit and debit card numbers, and other details. Phishing is a form of identity theft that uses both websites and unsolicited emails.

Fraudsters claim to represent a legitimate institution or enterprise. They send emails that ask users to visit a fraudulent website where they can update their financial details. The website is designed to steal their account numbers, social security numbers, and other information. Once you have supplied the required information, you will see a message indicating that the problem is now resolved.

Given that phishing is a form of identity theft, con artists can use your information in different ways. They can withdraw money from your debit or credit card, use your identity to obtain a driver’s license or other documents, open new accounts, etc.

Scammers find email addresses by buying email lists and using tools to generate usernames. They use emails that are publicly posted or steal email and contact lists. There are legal and illegal ways to purchase email lists. Many online services and websites, for example, collect emails. It is important to read their privacy policy to see what they do with them.

Fraudsters often send phishing emails to multiple users, using generic names such as “Bank of Nova Scotia Customer” or “Bank of Montreal Customer”. Be wary if you do not see your name because this is a sign that they don’t have it on their list. There are certain phrases that fraudsters use. These include “account suspension” and “verify your account”. If you click on their website link, check whether it starts with "https". Only links with "https" are safe to use. In many cases, phishing emails use the logos of financial institutions and other companies. Look for the official website of the company in question and compare it with the web address you were given.

Cyber criminals often use threatening messages to force people to disclose their personal information. For example, they may warn you that your debit or credit card account will be deleted if you fail to update your personal information. Misspellings and bad grammar are also a sign of a phishing scam. The bank’s editors and copy editors would have corrected all grammar and spelling mistakes. Fraudulent websites are usually of poor quality. The reason is that they normally have a very short lifespan. If the website has poor resolution, whether it is the text or the company’s logo, this is a sign that you have opened a phishing website.

Note that banks and credit card providers would never ask you to confirm your personal information by email. If you have already disclosed your financial or personal details, however, there are certain things you can do. Contact your credit card company or bank immediately. Change your PINs and passwords and close all bank accounts that have been opened or accessed by fraudsters.

Some local agencies accept reports from scam victims. You may also want to notify the company or institution that is being spoofed. Notify the fraud division of your credit union or bank so that they can inform other customers.

The best way to protect yourself against phishing scams is to avoid or delete mass emails. Some employers and internet users send mass emails to friends, colleagues, and employees, instructing or encouraging them to download attachments and click on website links. People get used to this and may download malicious spyware and viruses sent by scammers. If authentication methods other than a username and password are available, it is better and safer to use them. Another way to protect yourself against phishing fraud is to use special software. You can add it to your email client or browser. It is important to install good anti-spyware and antivirus software on your computer to minimize the risk of being scammed.

If an email address is provided in the body of the text, you may want to compare it with the sender's address. Discard emails that ask you to reply to an address different from the one in the “From” field. No reputable business will send messages from gmail, hotmail, or another free service. Legitimate agencies, institutions, and companies use official accounts. Some phishing emails ask you to unsubscribe if you don’t want to receive more messages. Do not fall for this: fraudsters use this trick to identify active accounts.
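The warning signs listed above (generic greeting, stock phrases, a reply address that differs from the sender, a free mail service, and links that are not https or do not match the official website) can be checked mechanically. The following is an added example, not part of the original page; the function name `check_email`, the sample message, and the domain `examplebank.example` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

PHRASES = ("account suspension", "verify your account")  # phrases named in the article
FREE_MAIL = {"gmail.com", "hotmail.com"}                 # free services named in the article

# Constructed sample message; every name and address in it is made up.
SAMPLE = """\
From: Example Bank <security@gmail.com>
Reply-To: support@examplebank-alerts.example
To: jane@example.org
Subject: Important notice

Dear Example Bank Customer,
To avoid account suspension, verify your account at
http://examplebank.example.secure-login.example/update
"""

def check_email(raw, recipient_name, official_domain):
    """Return the warning signs found in one raw, single-part email message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags = []
    if recipient_name.lower() not in body.lower():
        flags.append("generic greeting")
    flags += [f"phrase: {p}" for p in PHRASES if p in body.lower()]
    if reply_to and reply_to != sender:
        flags.append("reply-to differs from sender")
    if sender.rpartition("@")[2] in FREE_MAIL:
        flags.append("free mail sender")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":  # a missing https is a flag; https alone proves nothing
            flags.append(f"not https: {host}")
        if host != official_domain and not host.endswith("." + official_domain):
            flags.append(f"link host not official: {host}")
    return flags

if __name__ == "__main__":
    for flag in check_email(SAMPLE, "Jane Doe", "examplebank.example"):
        print(flag)
```

The sample link starts with the bank's name but ends in a different domain, which is why the host is compared from the right-hand side rather than searched for the bank's name.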

If a website looks suspicious, check whether it is flagged in red or yellow. Websites that are flagged in yellow have the features of bogus sites, but they have not been confirmed as fraudulent. Websites that are flagged in red or are blocked are phishing sites. Never shop on websites that are not secure because you risk becoming a victim of identity fraud. This can ruin your credit score, and your financial institution may take legal action against you.

Identity fraud can affect you in many ways, and victims spend over $3,000 and around 40 days trying to repair the damage. This involves great emotional and mental stress, apart from financial losses. Damaged credit is one of the consequences of identity theft. Fraudsters open credit card accounts and may run up charges in your name without paying the bill. Financial institutions will reject your applications for a mortgage or loan because of this. Moreover, it takes a lot of time and money to correct your credit record and have the fraudulent charges erased. Banks vary when it comes to the amount of money they will reimburse. In some cases, victims of identity theft never see their money. Other consequences include jail time, crimes that go on the victim’s criminal record, and heavy legal fees.

There are different types of phishing scams, including session hijacking, malware-based phishing, and deceptive phishing, among others. Deceptive phishing is the most common variety, asking people to verify their information. Fraudsters use bogus websites to collect confidential information, as described. Session hijacking refers to monitoring user activity to gain access to bank and credit card accounts. Malware-based phishing involves sending downloadable files and software as an email attachment. When users install them on their computers, scammers gain access to their information. Other types include spear phishing and voice phishing. Spear phishing involves sending emails to a specific user. These emails look as if they are coming from a colleague or employer and encourage recipients to disclose their personal details or download an attachment. Phishers use special software to capture the user’s keystrokes. Voice phishing encourages people to reveal their personal information over the phone.

Other types of phishing include hosts file poisoning, Trojans, and screenloggers and keyloggers. The latter make use of different types of software to monitor your keyboard input. Fraudsters also use Trojans to collect personal information, and viruses are either downloaded from an infected website or are transmitted by email. Viruses collect information that people type on websites or they collect information stored on the hard drive. Content rejection phishing, DNS-based phishing, and reconfiguration attacks are other types of phishing.

© Art Branch Inc. 2006-2012