Portal de Periódicos da CAPES

Phight Phraud: Steps to Protect against Phishing

2006; American Institute of Certified Public Accountants; Volume: 201; Issue: 2 Linguagem: Inglês

0021-8448

Steven C. Thompson,

Cybercrime and Law Enforcement Studies

You receive an e-mail that appears to be from your bank. You recognize the logo and the letter format. Its even signed by the bank officer you deal with. It says there has been a glitch in your account and asks for verification of some information-credit card numbers, passwords and other personal information which you quickly supply. Congratulations, you've just inadvertently given a crook the key to your bank account. This fraud technique, known as a phishing (pronounced fishing), is growing in frequency and sophistication. This article will tell you how to guard against it. HOW IT WORKS A typical phishing sends out millions of fraudulent e-mail messages that appear to come from popular Web sites that most users trust, such as eBay, Citibank, AOL, Microsoft and the FDIC. According to the Federal Trade Commission, about 5% of recipients fall for the scheme and give information away. Phishers wish to irrationally alarm recipients into providing sensitive information without thinking clearly about the repercussions. Victims might be told someone has stolen their PIN and they must click on the provided link to change the number. At the linked site, victims see an exact copy of a site they know and trust. They enter their account number and PIN and a return response shows that the site is temporarily down due to maintenance or some other satisfactory-sounding excuse so they will not try to initiate a connection to the real site. It sometimes takes several weeks to realize a crime has been committed. Meanwhile, victims are hooked and the phisher uses the information to purchase goods, apply for new credit cards or steal their identity. There are several free products that fight phishing by disclosing whether the Web site you contact is legitimate: * Netcraft Toolbar (http://toolbar. netcraft.com) works in both Internet Explorer and Firefox. * Cloudmark Safety Bar (www.cloud mark.com/products/safetybar) only supports Internet Explorer. * Mozdev.org TrustBar (http://trustbar. mozdev.org) works only in Firefox. * EarthlinkToolbar (www.earthlink. com/software/free/toolbar). Microsoft also recently announced it is adding antiphishing features to Internet Explorer 6 and subsequent versions. The new phishing filter, which will require Windows XP SP2, will be available shortly in a beta version. PROTECTION TIPS As the use of financial transactions on the Internet becomes more pervasive, con artists will continue to develop new and more sinister ways to trick victims. …