Phishing is the con artist's 21st century fraud tactic-- a fairly new type of scam that you need to be aware of because it's becoming increasingly common. In 2003, the FBI called phishing the "hottest, and most troubling, new scam on the Internet" and it's only gotten worse. Don't fall victim to this crime.

First off, what is Phishing?

According to Webster's New Millennium™ Dictionary of English:

Phish: “To send ruse e-mail with a link to a replica of an existing web page, designed to fool users into submitting personal, financial, or password information; to defraud someone using this method; also, to create a website replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.”

Types of Phishing

Email

A common scheme is to create a webpage that looks like the site of a bank, retailer, online commerce company, or government agency and then send a blast e-mail to millions of people asking them to update their information, verify account details, or to confirm an order. Recent phishers have pretended to be Bank of America, Best Buy, and of course, PayPal and eBay.

How to Recognize a Phishy Email:

· The actual URL for a link doesn't match the text URL: Example.

· The email asks you to validate, update, or confirm personal or financial information. Most legitimate companies send hardcopy letters to customers when asking for this information.

· Check the Miller Smiles database. The site currently has an archive of 162,926 phishing emails that have been submitted by users.

· Think you can tell the difference between a legitimate and a phishing email? Take this quiz and find out.

Tips to Avoid Phishing Scams

· Never reply to an email asking for personal or financial information.

· Never click on links within the body of an email. Instead, log-in into the company's site directly to “update your information,” etc. or call the company's customer service line.

· When you receive a suspicious email, forward it to spoof@homeaway.com.  

· If an email asks you to call a number to update your account or access a refund, don't do it. Scammers can easily fake area codes using Voiceover IP lines. Instead, call the number listed on your bill, statement, or on the company's website.

· Keep your anti-spam and anti-virus software up-to-date.

· And an oldie-but-goodie: Never open an attachment unless you are expecting it.

Website

Also be careful when typing a URL into your browser: Crafty phishers have bought commonly misspelled domain names and replicated the sites in order to trick customers into entering their log-in or credit card information on the fake site. To protect yourself against this threat, always type the URL into a search engine like Google or Yahoo to ensure that you're getting the business's legitimate site.

Phone

Another tactic is to phish over the phone: Scammers call your published telephone number pretending to be a representative of VISA, or Special Olympics or some legitimate company. They pressure you to give your credit card information to them right away so they can make their sales quota, win a contest, help the needy or any of a thousand urgent reasons designed to get you to give them your credit card number. To defend against this type of scam-- ask a lot questions. At HomeAway, our customer service representatives don't mind, but the phisherman will.

A legitimate business:

1) Will never ask you to enter personal information on any Web page that you can access without first signing in with your username and password.

2) Will never pressure you to provide a credit card number over the phone. If you're not sure that you are talking to a company representative, hang up and redial the published telephone number.

3) Will always be able to answer a question to which only you and the company know the answer. Ask the caller something only you or the company can know: If the caller doesn't know the answer, hang up and call the customer service telephone number listed on the company's Web site. For example, a HomeAway representative will always be able to tell you the date of your last payment, the private e-mail address we use to contact you (assuming you use another e-mail address for your business) or even your vacation home full address.

Phishing is a fact of life on the Internet, but you can protect yourself from giving your information to people who are not who they say they are.

If you think you may have been a victim of phishing, contact your credit card companies and bank immediately and have a fraud alert placed on your accounts. If you're unsure how to do this, contact the Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338.

Sources:

Internet Fraud Tips from the National Consumer League's Internet Fraud Watch

Microsoft: Recognize phishing scams and fraudulent e-mails

OnGuard Online

Webster's New Millennium™ Dictionary of English, Preview Edition (v 0.9.6)

WordSpy