Hmph. No sooner do I write an article for the library newsletter on the nasty email phenomenon of phishing than I *get* phished. My mail today included this message purportedly from Citibank online's service center with the subject of "Citibank e-amil verification." (No, I didn't include the link she gave me. If you really want to get scammed or keylogged, do it on your own time. And I say "she" because the awfully valid-looking return address was to a female name.servicecenter(at)citibankonline.com. Pity her .jpg was so wiggly-looking or I might've been fooled for about three seconds.)
And no, lest you worry, I didn't actually *get* scammed. I went to Citibank's real website and followed their very nice link on email fraud and reported the blasted thing to them and the FTC both. So nyah. What bothers me is that nearly 30% of U.S. adults (according to MailFrontier) wouldn't have recognized it as a scam, and probably would have wound up with a really expensive case of identity theft. :(
And so, although my soapbox is small and lonely and not terribly high, I offer as a PSA the article I wrote for the newsletter. If it keeps at least one other person from getting hooked by a phishing scam, I'll have accomplished something. ^_^
Slimming your Inbox: Phishing Scams
You’ve gotten an official-looking email alleging to be from a bank, auction site, credit card company, or ISP. It asks you to click on the link provided and enter your account information, PIN, and/or SSN in order to verify or update it for their records. STOP. You may have just been “phished.”
* Recognizing it: The fraudulent email you receive may look completely authentic, down to the logo and typeface of the real bank. The source and the link will look real, and may even include the bank’s genuine web address or email. However, a real bank will NEVER ask for personal or account information via email. Also, some phishing scams might appear to come from an institution with whom you have no account or other affiliation.
* Dealing with it: “Phishing” or “email spoofing” is an attempt to steal your personal and financial information. Do NOT respond to an email request for such information; you run a serious risk of identity theft. Call your bank to verify it (but don’t use any of the contact information supplied in the email). If you suspect a scam, report it. Forward the email to the FTC at uce@ftc.gov. The financial institution may also have a place to report the scam on their legitimate website.
* Check out these sites for further information:
  * Wikipedia: Phishing: http://en.wikipedia.org/wiki/Phishing
  * AntiPhishing Working Group: http://www.antiphishing.org/
  * MailFrontier: http://www.mailfrontier.com/
  * FTC ID Theft: http://www.consumer.gov/idtheft/