With continued advances in technology, the types of transactions you can complete online today are endless. However, the increase in online transactions also increases the possibility of online identity theft. Two of the most common methods for fraud via the internet are phishing and pharming.
Phishing can lure an unsuspecting consumer to divulge personal information to a fraudulent website. The phisher sends an email purporting to be from a legitimate bank or business. The consumer is instructed to click on the supposed business’ link to verify personal account information. The message often describes a problem with an account that the victim feels needs immediate attention. During the process, the victim may disclose a personal password or PIN and the phisher now has personal data to access the victim’s accounts or commit other identity theft.
Pharming is a more sophisticated method because it is not necessary to click on a link or open an attachment; just opening the email message does the damage. The email message contains a virus that will hijack the victim’s browser without his knowledge. You then type a legitimate website into the address bar of a browser, and the virus redirects you to a fake website. Although you entered the website address into the browser yourself, and the site appears to be identical to the site you are accustomed to doing business with, you have actually been redirected to a different site, set up by the pharmer. You enter in your identifying information, such as passwords, PINs or account numbers, and unknowingly submit it to someone waiting to steal your identity. In this scenario, since you typed the address yourself and the website has the same appearance as it usually does, it is unlikely that you will know that you were directed to a different website.
Awareness is the key:
- Always install anti-virus and anti-spyware software on your computer, and keep it up to date
- Never use links in an email to get to a web page
- Always be suspicious of an email with requests for personal information; legitimate banks and business sites will never contact you by email and ask you to update your account, password or other personal information
- Never open an email if you don’t know who it is from
Return to Security Center