“Phishing” is a new buzzword for an old scam. Crooks are sending e-mails posing as legitimate businesses asking users for personal information – passwords, account numbers, credit card numbers, and social security numbers. E-mail messages are sprayed by the millions to random addresses using domain names of popular e-mail services such as aol.com, yahoo.com and earthlink.net. The messages appear legitimate, using artwork and logos from the real companies, and the sender’s address is frequently forged to resemble an address used by the real company.
Some of them take the scam a step further – they create a web page resembling the real company’s pages and enable the security technology that makes it a “secure” web site, so you see the security lock icon at the bottom. The e-mail message reassures you that the company would never ask you to disclose confidential information by e-mail, so you’re directed to the scam web site – where your personal and financial information is harvested by the bad guys.
Here’s an article suggesting this scam is on the rise and the crooks are getting smarter. eBay and PayPal have been targets, as well as Citibank, Lloyd’s of London, Barclay’s Bank, and Best Buy. A number of recent ruses targeted British banks; The Register has more details on the specific scams.
It’s another difficult problem, since your business relationship with a company increasingly will be handled by e-mail. It can be hard to distinguish real messages from scams. All the more reason to be careful and slow down!
One rule is sacred and observed by all legitimate companies, as far as I know: a legitimate company will never ask you to send your account information or passwords via e-mail. Never put that information into an e-mail message!