How Not to Get Hooked by a 'Phishing' Scam

Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go "phishing." Phishing, also called "carding," is a high-tech scam that uses spam to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information.

According to the Federal Trade Commission (FTC), the emails pretend to be from businesses the potential victims deal with - for example, their Internet service provider (ISP), online payment service or bank. The fraudsters tell recipients that they need to "update" or "validate" their billing information to keep their accounts active, and direct them to a "look-alike" Web site of the legitimate business, further tricking consumers into thinking they are responding to a bona fide request. Unknowingly, consumers submit their financial information - not to the businesses - but the scammers, who use it to order goods and services and obtain credit.

To avoid getting caught by one of these scams, the FTC, the nation's consumer protection agency, offers this guidance:

• If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
  

• Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
  

• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  

• Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov.* (See below for how to compose your E-Mail report)

  Most if not all reputable companies using the Internet for client communications are being hit by Phishing scammers. On February 26th. 2004, for example, I received E-mail purportedly from an on-line Gold retailer and a huge multi national bank asking me to log on to their servers. In the case of the Goldmerchant, they wanted me to enter all sorts of personal information because their database had crashed and my E-mail had been lost. (Stop and think....... If their database had been lost and my E-mail was gone from their system, where did they get my E-mail address to E mail me and tell me I need to enter all my personal info and account info???) In the case of the bank, they need me to enter my bank card and pin number to confirm my E-mail address with their servers. It should be noted that I do not have accounts with either of these companies. Phishers send out E-mail to every address in their database in the knowledge that at least some of their targets WILL have accounts and will not recognize this kind of scam, that comes complete with official sounding language and plenty of logos, both at the web site and in the E-mail. I regularly receive E-mail from myself advertising all sorts of products and services. I am doing my best to track down and prosecute the offenders, but they are extremely hard to find, or, they are located in countries such as Rumania, Korea, Latvia, Belgium etc.

  In order to filer a report with the FTC that can be followed up on with an investigation, you are going to need a copy of the original E mail you received. Here's how you extract the information the FTC will require:

  Instructions for viewing headers using Microsoft Outlook & Outlook Express in Windows.

  IMPORTANT: NEVER OPEN ANY ATTACHED FILES OR DOCUMENTS!!!!!!
  
  Microsoft Outlook Express 4 and 5

• Open the message in it's own window (not in the preview pane)

• CTRL-F3 (Message Source Window)

• CTRL-A (select all)

• CTRL-C (copy)

• ALT-F4 (close)

• With the mouse (click for pictures):

• Click the "File" menu

• Click "Properties"

• Click the "Details" tab

• Click "Message Source"

• Copy and paste everything from this window (ctrl-A, ctrl-C)

Microsoft Outlook 97

Microsoft Outlook 98 and 2000

1. Open the message in a separate window (double click).

2. Under the View menu select Options.

3. Copy the text in the Internet Headers window (unfortunately it doesn't include the message itself).

4. Paste into the Headers and Message box on the abuse complaint form.

5. Close the options window.

6. If the spam header shows "text/html":

7. Right click on the body of the spam, and choose 'View Source'.

8. This automatically opens the HTML code up in Notepad.

9. Copy the entire message body.

10. Paste into the Headers and Message box on the abuse complaint form page.

11. Make sure to leave a blank line between the headers and the message body.

Microsoft Outlook Express for Macintosh

Select the e-mail. From the View menu, choose Source. A new window will appear containing the e-mail. with full headers. Press COMMAND+A to select all, then COMMAND+C to copy. Go to our abuse complaint form and type COMMAND+V to paste the e-mail. in.

All that remains to be done then, is to copy the entire contents of the E-mail, with headers now fully exposed, and mail it off to the Federal Trade Commission at this E-mail address: uce@ftc.gov

If you would like to learn how to read this header information (for Supergeeks only) There is a terrific primer on the topic located at the stopspam.org web site. You can view this primer by clicking here.*

I sincerely hope this information helps. Don't be a victim of Fraud! Fight back and let's put these people out of business once and for all.

July 15, 2004 - the Identity Theft Penalty Enhancement Act Signed By the President

On Wednesday, June 23, 2004, the House passed by voice vote, H.R. 1731, the Identity Theft Penalty Enhancement Act. On Friday, June 25, 2004, the Senate passed H.R. 1731 by unanimous consent (without amendment) and cleared the bill for the President's signature. The President signed this Act into law on July 15, 2004.

H.R. 1731 would establish penalties for aggravated identify theft, i.e., identity theft in connection with the commission of a felony, and includes the following provisions of interest to SSA that would:

Prescribe a sentence of two yearsŐ imprisonment for knowingly transferring, possessing, or using, without lawful authority, a means of identification of another person during and in relation to specified felony convictions, including:

(1) violations of 18 U.S.C. 641 (relating to theft of public money, property, or rewards);

(2) violations of sections 208, 811, and 1632 of the Social Security Act, relating to the Social Security, Supplemental VeteransŐ Benefits, and SSI programs; and,

(3) violations of section 1107(b) of the Social Security Act, relating to misrepresentation.

With regard to a conviction under 18 U.S.C. 641, would provide for aggregating the amounts from all counts for which a defendant is convicted in a single case. Present law provides for a maximum prison term of one year when the value of the subject property does not exceed $1,000.

Since some courts do not combine the value of the amounts from all counts in imposing sentence, the proposed change would facilitate the imposition of longer prison sentences by those courts.

Prohibit a court from:

(1) placing any person convicted of such a violation on probation;

(2) reducing any sentence for the related felony to take into account the sentence imposed for such a violation; or

(3) providing for concurrent terms of imprisonment for a violation of this Act and any other violation, except, in the courtŐs discretion, an additional violation of this section.

Expand the existing identity theft prohibition to:

(1) cover possession of a means of identification of another with intent to commit specified unlawful activity;

(2) increase penalties for violations; and

(3) include acts of domestic terrorism within the scope of a prohibition against facilitating an act of international terrorism.

This is, of course, fantastic news since prosecutors have been loathe to go after these criminals until now because the cost outweighed the punishment if convicted (of anything at all) If you have been a victim of identity theft where nothing was done, I would recommend you take your case back to the local authorities and ask them whether will reopen it for you.

* The information being provided is strictly as a courtesy. When you link to any of the websites provided herewith, you are leaving this site. Taylor & Associates and Royal Alliance Associates, Inc. make make no representations as to the completeness or accuracy of the information provided at these sites. Nor are the companies liable for any direct or indirect technical or system issues or any consequences arising out of your access to or your use of third party technology, sites, information and programs made available through this site. By clicking on the link above you will leave the web site of Taylor & Associates and you assume total responsibility and risk for your use of the site you are linking to.

Please note: Some of the information contained herein has been reproduced from a Federal Trade Commission consumer Alert bulletin published July 2003. As an agency of the federal government, the content reproduced is free for distribution and considered public domain.

Nigel B. Taylor, CFP¨ is a Registered Representative of and offers securities products & services through Royal Alliance Associates, Inc. Member FINRA/SIPC, a registered Broker-Dealer. In this regard, this communication is strictly intended for individuals residing in the states of California & Nevada. No offers may be made or accepted from any resident outside the specific state(s) referenced.

CFP®, CERTIFIED FINANCIAL PLANNER™ and the CFP® flame logo are federally registered services marks of the CFP board of Standards, Inc. CO.