Article

E-mail from service provider likely a scam

By PHIL MULKINS World Action Line Editor - 9/27/2009

Dear Action Line: I received an e-mail from my ISP saying it suspects "unauthorized use" of my account. It asks me to verify my account ownership by providing my password, etc. I wasn't born yesterday, but you should warn others of this. — L.T., Tulsa.

Good job! This "phishing scam" sparked a Sept. 18 consumer alert from Arkansas Attorney General Dustin McDaniel. As Internet scams in Arkansas tend to visit Oklahoma we often include his alerts in this column.

Phishing scams: The word "phishing" is not a nerdly play on words it is actually abbreviated Net-speak for "password harvesting" or "password fishing." It is an attempt by criminals to obtain your credit card information, bank account and routing numbers, personal ID numbers, etc., so they can drain your accounts. Such e-mails often appear to originate from legitimate sources: government agencies, Internet service providers or credit card companies. The real entities never initiate contact by e-mail. Internet-savvy criminals use this personal information to steal identities, run up credit-card charges and apply for loans posing as their victims. Read more on this at tulsaworld.com/CERTphishing.

Arkansas attack: Arkansas consumers received e-mails purportedly from their Internet service providers warning of an accounts problem. The bogus problems included "unauthorized use of account, repeated attempts to change passwords and attempts to change passwords from foreign computers." The consumer is instructed to verify he is the account owner with his name, address, date of birth, e-mail user name and password. McDaniel advises DON'T do it.

Anti-Phishing Working Group: Also report your phishing attack to Anti-Phishing Working Group at tulsaworld.com/antiphishing. The APWG is the "global, pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and e-mail spoofing of all types."

Its site says the number and sophistication of phishing scams continues to rise. Figures for 2009 were not available, but a 2008 report showed a December total for "password stealing malicious code URLs" of 31,173 — an 827 percent increase from January 2008.

The group warns, "Be suspicious of any e-mail with urgent requests for personal financial information. Unless the e-mail is digitally signed (see tulsaworld.com/digitallysign), you can't be sure it wasn't forged or 'spoofed.' Phishers typically include upsetting or exciting (but false) statements in their e-mails to get people to react immediately. They typically ask for information such as usernames, passwords, credit card numbers, Social Security numbers, dates of birth, etc. Phisher e-mails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure.

"Don't use the links in an e-mail, instant message or chat room to get to any Web page if you suspect the message might not be authentic or you don't know the sender or user's handle. Instead, phone the company or log onto its site by typing its Web address."

Submit Action Line questions by calling 699-8888 or by e-mailing phil.mulkins@TulsaWorld.com or by mailing it to Tulsa World Action Line, PO Box 1770, Tulsa OK 74102-1770.

Email to a Friend
Main Menu