Scam Alert: Phishing for Your Money

Online fraudsters are busier than ever, according to a new study. An increasingly popular scheme involves setting up fake sites that mimic financial organizations – all in an effort to steal your money.

The study, from Kaspersky Lab, tracked financial cyber threats in 2013. According to the data collected, 31.45% of phishing attacks in 2013 traded on the names of banks, online stores and online payment systems. That’s an increase of 8.5 percentage points versus 2012.

‘Phishing,’ as the name implies, describes various fraudster tactics designed to lure you into giving up valuable personal information. The scammers put together an online marketing campaign in an effort to attract you into providing that information. They usually do this by appealing to greed or fear.

One popular “fear” ruse involves the scammers pretending to be from paypal, and claiming that there is a problem with your account. They’ll send you an email that looks exactly like it’s coming from paypal, and click you over to a site that looks like paypal. However, once you log in to “fix” the “problem,” you’ve given the thieves your password, and they keys to your account.

Other phishing schemes appeal to greed by claiming that you’ve won a prize, or are eligible for a “no questions asked” loan. When you move to claim the prize or apply for the loan, you’re asked for your bank account information and/or your social security number. Once again, you’ve given the thieves the keys to your financial “kingdom,” and your identity.

In 2013, thieves posed as banks in 70.6% of all financial phishing, according to Kaspersky Lab. And while big banks were the most popular “disguise” used by thieves, they will also target account holders of small banks or credit unions.

In order to protect yourself:

Don’t respond directly to email solicitations – even if it seems to come from a trusted source. Online thieves are masters at creating bogus html email and websites that look just like the real thing. Even the email account name from the sender or the URL of the website may look legit. Increasingly, thieves are creating phony Facebook and Twitter pages, too.

Look closer at that email or website, and you’ll see how the thieves create an address that contains the name of the legit company, but add letters, words or phrases so as to be able to register the domain or email account. Instead of ‘paypal.com’ it might read ‘paypal.members.com’ or something similar. You see “paypal” in the address line and think it’s OK, but it’s not.

Instead of responding directly through the email or online ad, find the legitimate company website using your own bookmarks — or Google — and open that site directly. If it’s a company or sender you don’t recognize, Google that name. You’ll often get results from consumer sites or message boards, where others are discussing this scam solicitation they’ve recently received.

Also, be very careful giving anyone your personal information. Remember, your financial institution already has your personal information. If someone is contacting you from that institution about your account, they really don’t need for you to give them the account number.

In particular, be careful whenever anyone asks for an account number linked to money, or your social security number. These are the magic pots of gold that online thieves love the most. Deny them the satisfaction of stealing your money.