By Mark Huffman
March 5, 2007
The New York State Consumer Protection Board (CPB) is warning consumers about a new series of "phishing" e-mails that are boldly labeled "Phishing" in the subject header.
CPB investigators have uncovered a new version of an old Internet scam -- using deceptive e-mails to trick consumers into providing valuable personal information.
E-mails sent during February appeared to be from Chase Bank with the subject line reading "Phishing: Security Measures." This leads some consumers into believing that they are being protected from phishing. Similar e-mails have been sent out, claiming to be from PayPal and eBay.
Like most phishing e-mails, these new messages claim that your account information has been lost or stolen. It then instructs you to provide your Social Security number, as well as passwords, credit card or bank account credentials -- all the information needed to carry out identity theft.
"No legitimate company solicits this kind of data through an e-mail. Dont fall for the tricks and respond by divulging your personal information," said Mindy Bockstein, the Acting Chairwoman and Executive Director of the CPB. "This is a reminder that you should never give out personal or financial information -- especially over the Internet -- unless you're absolutely certain of where and to whom it's going."
"By using the word 'phishing,' these scam artists are trying to gain your trust and make you lower your guard," said Parry Aftab, an Internet security lawyer and Executive Director of the Internet safety site, www.wiredsafety.org.
"A lot of people have heard about phishing, but they may not fully understand what it's all about. So when they receive a message that appears to be a helpful warning about phishing, they may not realize this is actually an attempt to steal their money and their identity."
Phishing scams are successful because, in many cases, consumers reply too quickly and send out their personal information without considering whether this is an attempt at Identity theft. Often the perpetrators use legitimate names of companies or retailers to lead consumers to divulge personal identity information on fraudulent websites.
While there are no statistics available on this new scam, investigators believe that it must be working because the scam artists have been using this new technique since early January.
According to the Anti-Phishing Working Group, there were 28,531 phishing websites reported in December of 2006 compared to the 7,197 reported in December of 2005. The largest number last year -- 37,439-- was reported in November, according to the Working Group, a coalition of business, academic and law enforcement agencies.