Q: I just received a weird email addressed to “the client of the US Bank”, directing me to a web site where they want me to “confirm [my] data, otherwise [my] access to the system may be blocked”. What’s going on here?
A: Welcome to the wonderful world of the (user beware) Internet! You have just received an “invitation” to become another victim of phishing…and possibly identity theft.
"Phishing" is a serious privacy threat that is quite simple in concept. The individual "phishing" sends e-mails to addresses captured from other sites. Masquerading as a reputable institution, he/she sends a well-crafted, official looking e-mail, complete with company logos, indicating that you need to confirm some information they “have on file”. Then they typically ask the recipient to go to a web site (which is counterfeit) to enter that private information. The recipient is further fooled because the link to the web site may look legitimate. However the link is displayed is not necessarily the actual site you go to when you click on it.
For example, an e-mail with a link to www.citicorp.com may actually take one to a different site, e.g., www.identitythieves.xyz. The site is made to look exactly like an official Citicorp site with spaces to enter credit card number, PIN, social security number, date of birth and other private information. Once the "submit" button is clicked, all that private information is placed in the possession of identity thieves who can use that information to make purchases, open new credit accounts, take out loans, etc. - all in your name.
So how does one protect themselves against this kind of fraud?
To avoid being a "phishing" victim, remember that companies do not send e-mails to customers asking for private information. Any such e-mail that you receive is bound to be a fraud attempt, no matter how official looking it is. If you receive an e-mail from any firm asking for private information, delete it.
Most importantly, always be a bit suspicious when receiving any e-mail. Since the sender's name can be forged, it's not good enough to know who the sender is. You should also determine if the body of the e-mail message is written in a manner that you would expect from that source. If there are attachments or links, they should never be clicked unless you know what they are and why you received them.
For more information on identifying and protecting yourself from phishing, check out http://www.fraudwatchinternational.com/phishing-fraud/phishing-home/ or http://www.invillapark.com/pdphish.htm.