Crooks turn to new phishing tricks to bait victims: Internet Scambusters #490
Despite all the warnings, phishing continues to be one of the main sources for identity theft.
Crooks stay one step ahead of users and even security experts by coming up with a stream of new ideas to fool people into disclosing personal information.
In this week's issue we highlight four of the latest phishing tricks, how to spot them and what you can do to avoid them.
Let's get started...
Watch Out For These 4 New Phishing Scams
If you've ever been caught out by one of those trick questions that have you kicking yourself when you realize you fell for it, you'll have some idea of what it feels like to be the victim of a phishing scam.
You look back on the incident that led to you giving away important confidential information about yourself and you wonder how you could have fallen for it.
Well, one reason why people are still giving their information away -- and usually suffering identity theft as a result -- is that the crooks keep coming up with ingenious ways of fooling you, by convincing you they're genuine.
So, although we've written about the perils of phishing many times, you can never let your guard down. There's always something new.
Of course, it's always worth checking out some of those earlier Scambusters back issues to familiarize yourself with what phishing is and how it works:
It shouldn't be any surprise to learn that 2012 has already witnessed a whole new batch of phishing scams. Here's just a selection:
Phishing Email Targets Previous Victims
In this phishing scam, recently seen in Florida, crooks pretend to be officials from IC3 -- the Internet Crime Complaints Center or from a government department -- investigating earlier scams.
They send emails asking if the recipient has previously been scammed and, if so, to provide contact details so the "investigators" can speak with them.
The crooks then call the victim, claiming to have recovered the money they lost.
But, of course, the victim is then asked to provide key financial information like credit card numbers or bank account details.
Or they're told they have to pay a fee to release the funds and must either give their card details or wire the bogus fee to an untraceable person.
Action: This is a cunning phishing trick that quickly wins victims' trust. But it's obviously a scam if you're asked to wire money or pay any kind of fee to recover losses.
It's highly unlikely that IC3 or any other law enforcement organization would ever approach people this way.
And, of course, you should never accept that someone who contacts you is who they say they are.
Find out the genuine organization's email address or phone number independently -- don't ask the caller -- and check out the story with them.
Also look out for a similar type of phishing email claiming to come from the Federal Deposit Insurance Corporation (FDIC).
Bogus Online Drivers Licensing
In New Hampshire and several another states recently, drivers who went online to apply for renewal of their license ended up on a phishing scam site that looked like the real thing and fooled them into parting with important identity information.
They arrived at the sites by responding to a genuine letter saying their renewal was coming up, then doing an online search.
After that, they simply clicked on a link that looked like it must be the local DMV, then gave the information it asked for.
Action: In New Hampshire, and likely other states, the reminder letter contains the correct email address for the DMV.
Even without this, all federal and state government sites have the ".gov" extension at the end of the address.
And finally, if you're being asked to part with financial information, the browser should display a padlock and/or have an address that begins with "https" (it's the "s" part that's important -- it indicates you're on a secure website).
If in any doubt, get in your car and drive down to the DMV -- provided your license is still current!
Google Docs Phishing Scam
Do you ever use the online word processing or spreadsheet programs provided by Google? If so, beware of these clever phishing scams.
They use supposedly helpful forms seeking your sign-on details and other information.
The trouble here is that the bogus forms are actually hosted on the real Google servers so they appear to be genuine.
They tempt victims into using them by appearing to offer opportunities to upgrade your subscription or report a program bug.
People search for them, use them, and give away their ID information.
Action: The only answer here is not to use forms in the public area of Google docs that ask for your personal details.
Pinterest Phishing Scams
Pinterest is the latest darling of the social networking world, which makes it the perfect target for a phishing scam.
If you don't already know it, the site, as its name kind of suggests, is an online corkboard where you collect and "pin" images of things you like by category.
You can "follow" others too, for instance, friends or people who share your hobbies and interests.
You can repin their pictures onto your board, and even pin your pictures on others' boards. Clicking on any of the images will take you to the website it came from.
Membership of Pinterest is growing by thousands every day and the scammers have picked up on this.
Their trick works by getting Pinterest users to spread images linked to phishing sites.
Users may not realize they've been scammed and then repin the phishing pictures on friends' boards -- or the friends themselves pick them up.
They're usually images promoting free offers or gift cards in return for completing a survey.
Recent examples have used Starbucks Coffee, Coach leatherware and Red Velvet cakes and, in at least one instance, claimed to be a promo direct from Pinterest.
In every case, clicking the image takes you to a malicious website that asks for personal details.
Action: Remember the "too good to be true" rule and, generally, steer clear of supposed offers like this.
Read more about this scam on a blog posting at security firm Trend Micro's website: Survey Scams Find Their Way into Pinterest.
All of the phishing tricks outlined in this issue underline one important fact -- scammers are clever and creative people who are experts at fooling others.
The best solution to avoid a phishing scam is to be constantly vigilant and skeptical, and never give away personal information unless you're 100% sure of who you're giving it to.
Time to conclude for today -- have a great week!