Over the last year we have seen a rapid increase in attacks against
personal information. These attacks are typically e-mail requests
for you to update your personal information, and are often accompanied
by a "threat" that if you fail to update the information,
your bank account, PayPal account, credit card or other financial
service will be suspended until the information is updated.
Attackers use this information as a starting point
for identity theft. At the first level the information gathered
will give them account numbers and access codes, but it will also
typically give them enough information to allow the criminal to
start applying for credit cards and loans in your name.
Victims of phishing attacks and identity theft find
themselves being sued for failure to pay, missing money from their
accounts and a damaged credit rating. It can take years to recover
from this kind of attack.
A sample e-mail
that has been received in our office linked to a site that had a
full copy of the signup screen from the bank. A second
captured the user ID and password, then redirected the balance of
the session to the legitimate bank web site. If you logged in, it
would send your user ID and password to the criminal site.
To protect yourself from phishing attacks and identity
theft, NEVER respond to one of these e-mails. DO NOT click on the
link. A variant of the second phishing attack has been seen which
installs a hosts file on your
computer. This redirects all attempts to contact certain financial
institutions to the attackers' web site, where they collect the
information needed to access your account as you are going about
your regular business.
This "man in the middle"
attack allows them to see everything you type in as you are trying
to communicate with your financial institution, even though you are
working on an encrypted link.
If you receive an e-mail that is legitimately from
your financial institution it will not ask you for personal information
over the internet. Instead it will ask you to phone or contact your
branch office. If you still believe that the financial institution
may be asking for confidential information over the internet, DO
NOT supply it over the internet, instead use the telephone to supply
DO NOT give out the following information over the
Bank account numbers
Credit Card Numbers
Social Insurance Numbers
Date of Birth