[gl-L] [Phishing with phones: the latest scam]

[Danilo]

http://www.microsoft.com/athome/security/email/phishing_with_phones.mspx Phishing with phones: the latest scam Help avoid this new form of ID theft Published: June 15, 2005 Traditionally, phishing scams have used e-mail to direct potential victims to phony Web pages to steal their identities. Now, there's a new twist on phishing. Instead of being directed to a Web page, you could be prompted to call a customer support number where a person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data to steal your identity and access your account. Often the person on the other end of the phone line will make claims that your account will be closed or other problems could occur if you don't respond. Read on to learn how to avoid falling prey to this new threat. Although law enforcement and other security agencies can trace phone numbers, perpetrators often use payphones, stolen cellular phone numbers, or hacked accounts, so it's important to avoid being conned rather than try to minimize damage afterwards. Note: This scam may also take advantage of fax or VoIP (Voice over Internet Protocol) numbers as well. Tips to help avoid being a victim of phone phishing: • Treat all unsolicited e-mail (and phone) messages with skepticism and avoid clicking on links. • Before you call, research unfamiliar area codes first using legitimate local phone companies to avoid long distance, international, or other toll charges. • To determine actual customer support and other phone numbers, check the organization's Web site. And when you do your research, don't follow a link in an e-mail—always type the Web site URL address yourself. • If available, refer to your hardcopy records of past invoices or statements for legitimate contact phone numbers and other information. Creditor customer support phone numbers are also often listed on the back of credit cards. • Stay current about the latest identity-theft scams through industry-standard security newsletters, security Web sites, and other reliable sources. • Scrutinize your e-mail for telltale signs of a phishing attempt, such as poor grammar, typos, strange Web addresses, or anything else that seems suspicious. • Report suspicious e-mail to the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group (APWG). -- Danilo