Archive for January, 2005

Sorry, Charlie!

Written by Nick B. Nicholaou. Posted in Articles

© 2005 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from The Clergy Journal’s Faithful Finances

Charlie the Tuna® is, according to StarKist® (his “sponsor”), America’s favorite tuna.  Growing up we saw Charlie left behind in the water time after time only to be told, “Sorry, Charlie!”  Too many are hearing that same kind of disappointing line these days because someone has “phished” (pronounced fished) their identity information and taken all their cash and assets before moving on.

Phishing has become the number one threat to consumers and financial institutions on the Internet.  What exactly is phishing?  How can we recognize it?  What can we do about it?

What is phishing?
Phishing is the term given to the process of luring people into freely giving up their personal identification and password information.  On the Internet, it first took the form of email appeals from people who claimed they only needed your account and identification information so they could transfer large sums of money into American banks.  In return for your willingness to help them out of a dire situation, they offered to share a percentage of millions.  It sounded too good to be true, and it was.  Hundreds of millions of dollars were stolen in this process, most of it unrecoverable.

Recently, phishing has become much more sophisticated, making it difficult to tell whether a request to share information is legitimate.  These “phishers of fraud” have created web pages that look exactly like those of banks and other financial institutions where you might have an account.  With the click of a mouse they send out millions of official-looking emails that appear to come from these mimicked companies, asking you to click on a link and verify your account and identification data.  The websites these emails link to look so official that many people are giving up private information that empowers the phishers to access their accounts and empty them out.

How can we recognize it?
The emails always say something like this: their database or your account has had some kind of problem or been compromised, and you must verify your information to keep the account active or to reactivate it.  That’s about as recognizable as these may be.  They’re very hard to recognize as fraud.

What can we do about it?
If you get one of these emails, DO NOT REPLY TO IT OR CLICK THE LINK.  Instead, call your bank, etc., directly at the number you have on file and have always used.  Ask them to confirm that the email originated with them.  If they can’t confirm it, delete the email and, again, DO NOT RESPOND TO IT IN ANY WAY.

Phishing with a twist?
Like you, I always pay my bills on time.  Occasionally a check may get delayed in the mail as recently happened over the Christmas holiday.  I received a call from my bank leaving a voice mail with no detailed information.  It said I needed to call a toll-free number about my account.  When I called, they said they needed my account number and verifying data before they could tell me what the call was about.  I refused to give any information other than what is already public (name, phone number, address) until they could tell me correctly a code that I’ve set up with my bank.  They couldn’t, so I gave them no further information.  It could have been a phishing scam.

These phone calls are a problem because identity theft is at an all-time high.  Anyone could set up a toll-free phone number and put in a voice menu system that sounds very official.  Just like those phishing web pages, these can be completely fraudulent—there would be no way to tell!

I recommend setting up a security password with these companies that is something no one would ever guess.  In my case, I gave a completely false name as my mother’s maiden name (maiden names are public information).  Once I give them my name and phone number (again: only publicly available information) and they say they have my account on their screen, I ask them to tell me my mother’s maiden name.  If they can’t respond correctly, I refuse to give them any additional information.  This may infuriate them, but remember:  they called me first.  The burden of proof is on them.

Report possible phishing scams
The U.S. Department of Justice (www.usdoj.gov) requests that you report these scams to them right away.  In a document available at http://www.usdoj.gov/criminal/fraud/Phishing.pdf, they say:
If you may have disclosed your personal information to a possible phishing e-mail or website, you should immediately file an online complaint with the Internet Crime Complaint Center (a joint project of the FBI and the National White Collar Crime Center) at http://www.ic3.gov.  Because that disclosure of personal information may put you at risk of becoming a victim of identity theft, you also should go to the Federal Trade Commission’s identity theft website, at http://www.consumer.gov/idtheft, and follow the directions there for reporting information to credit bureaus, credit-card companies, and law enforcement.

If you have received a possible phishing e-mail, but have not yet responded to it, do not respond.  Instead, send copies of the e-mail to the Federal Trade Commission at uce@ftc.gov and the Anti-Phishing Working Group at reportphishing@antiphishing.org.

Phishing is a lethal threat.  Following these guidelines will save many of you thousands of dollars.