HSFPP Weekly Update # 141—Phishing Revisited
Message from Chris: Fraudulent e-mail scams known as phishing have not gone away, even though increased awareness and media exposure of this type of scam has sometimes led authorities to the identity thieves. However, it is very difficult to prosecute because a significant number of phishers and identity thieves operate from foreign countries.
Young, computer savvy consumers are very comfortable using eBay and PayPal to buy items over the Internet, but they need to be aware that these companies and other businesses will not send e-mail requesting “account verification” in which customers are asked to give their credit card numbers and other personal information. The e-mail that accompanies this week’s article In the New$... appears to be legitimate, but it was sent to someone who doesn’t even have an eBay account. By sending spam e-mails to as many consumers as they can, phishers have been successful in getting personal information from far too many consumers, leading to identity theft.
Next week’s article will discuss the latest online scam to capture personal information, RATs. As you can tell from past updates, we are focusing more and more on privacy and fraud issues because of teens’ level of comfort with technology, having grown up using computers and the Internet. Their financial well-being could be in danger as they are likely to conduct more and more of their financial transactions via the Internet, and they may not know what precautions to take.
Related Updates:
Update #124 - New Twist to “Phishing” Scam - 11 April 2005
Update #118 - Avenues for Identity Theft - 21 February 2005
Update #112 - Online Security and Phishing - 10 January 2005
Update #110 - Online Payday Lending - 13 December 2004
Update #98 - Protecting Your Social Security Number - 20 September 2004
Update #70 - Tax and Identity Fraud Scams - 20 October 2003
Website Pick of the Week:
The Anti-Phishing Working Group’s Web site provides a great deal of information about phishing; consumers can also report phishing attempts to the group via its site.
Consumer Reports WebWatch provides investigative reporting on credibility and trust online. It is an excellent site for looking up information on phishing and other dangers to consumers. 200+ businesses have pledged to abide by their five guidelines for improving Web credibility.
http://www.consumerwebwatch.org/
Activity for Educators:
Have students read this week’s article In the New$... and the fraudulent e-mail message that we’ve included with it. Then use the class discussion questions. Also use the quiz at the MailFrontier Web site, http://survey.mailfrontier.com/survey/quiztest.html, to test teens’ knowledge in distinguishing phishing scams from legitimate companies’ Web sites.
In response to the class discussion, let teens know that the best thing to do when they receive a spam e-mail or an e-mail from someone they don’t know is to delete the e-mail without opening it. Even if they only open the e-mail and do not respond to it, the spammer probably will be able to tell that the e-mail was opened. This tells the spammer that they have found a live person, so they will send more and more spam.
In the New$... Phishing E-Mail
“Dear eBay member
“We recently noticed one or more attempts to log in to your eBay account from a
foreign IP address by a third party without your authorization.
“If you recently accessed your account while traveling, the unusual log in attempts
may have been initiated by you.
“If you are the rightfull holder of the account, click on the link below and
fill the form and then submit as we need to verify your identity.
[We have deleted the Web link that was provided here.]
“The log in attempt was made from:
IP address: 205.188.209.166
ISP host: cache-dq04.proxy.aol.com
“Your account is temporarily suspended
“If you received this notice and you are not the authorized account
holder, please be aware that it is in violation of eBay policy to represent
oneself as another eBay user. Such action may also be in violation of
local, national, and/or international law. eBay is committed to assist
law enforcement with any inquires related to attempts to misappropriate
personal information with the intent to commit fraud or theft.
Information will be provided at the request of law enforcement agencies to
ensure that perpetrators are prosecuted to the fullest extent of the law.
“*Please do not respond to this e-mail as your reply will not be received.
“Thanks for your patience as we work together to protect your account.
“Regards,
“Safeharbor Department
eBay Inc.”
Did you recognize the message above as a scam? As you will learn from the following article, this type of scam is called phishing. The Web site used in this scam, which appeared to be a legitimate eBay Web address, is no longer online; it may have been taken down or disabled by the hosts, but quite often these Web sites are hosted on the personal computer of the phisher. In any event, we deleted the Web address just in case it still poses a security problem. Also remember that it is very common for these e-mail scams to be redistributed at a later date with only slightly different content and hosted on a different Web server. It’s necessary to keep a watchful eye out, as scammers get cleverer and cleverer.
Also note the misspelling of the word “rightful” early in the message. Even though they might appear legitimate at first glance, phishing e-mails aren’t always as polished as the written work of an established business. Another indicator that this is not a legitimate message from eBay is that it addresses the recipient as “Dear eBay member,” not by their personal name; addressing each recipient by name is practically impossible for spammers sending one e-mail to a large list.
‘Phishing’ Keeps Luring Victims
“If you see an e-mail this weekend asking you to donate to the victims of Hurricane Wilma, be careful. A scammer may be ‘phishing’ in your e-mail inbox.
“‘Phishing’ scams, in which e-mails and Web sites made to look official are used to trick people out of their credit card numbers or other personal information, are on the rise.”
“The classic phishing scams seem to come around again and again, with little variation: Your eBay account is about to expire, the sender of the e-mail warns you. Click on the link and resubmit your credit card information to avoid any loss of service.
“Of course, when you click, it's not an eBay site that you'll be visiting -- though it probably looks very much like it. And it won't be eBay's billing department that will have your credit card information, either.
“PayPal, eBay and Citibank top Gartner's [research firm Gartner Inc.] list of the top spoofed sites, but plenty of others are out there. The hurricane or tsunami relief efforts are only one form. Others pretend to be your company's tech department or security officials from your e-mail provider. A growing number pretend to be lottery or sweepstakes prize departments.”
Source: “‘Phishing’ Keeps Luring Victims,” by Mike Musgrove. Washington Post, 10/22/05.
Class Discussion
1.) If you had received the e-mail above would you have responded to it?
2.) Have you ever responded to an e-mail that links you to a Web site that asks you for personal information?
3.) How do you respond to spam e-mail or e-mail from people you don’t know?
4.) What can you do to protect yourself from electronic identity theft?
Activity for Students:
Take the quiz on phishing at:
http://survey.mailfrontier.com/survey/quiztest.html
Also click on the “why” link for each question you got wrong and write down the reason. There will be a class discussion about the reasons why some examples were phishing and others were legitimate.
Kentucky High School Financial Planning Program
http://www.ca.uky.edu/fcs/hsfp
The purpose of this Web site is to assist county extension agents, credit union educators, and high school teachers in improving the economic well-being of our constituency, beginning with today’s students; and also to assist teachers in Kentucky in meeting KERA’s goal that all students become technologically literate. Weekly Updates are provided by the University of Kentucky Cooperative Extension Service, and are free to all educators.
An Equal Opportunity University,
University of Kentucky, College of Agriculture