
Scammers go phishing

The FBI has called it the “hottest, most troubling new scam on the Internet,” with more than 57 million Americans having been targeted by it. One analyst who tracks and addresses computer security issues, Marc Sachs, predicts “phishing will be our biggest computer security headache in 2005.”

Phishing—pronounced “fishing”—is the latest form of identity theft. According to Gartner Research, phishing has accounted for $2.4 billion in fraud—an average of $1,200 per victim. And up to 5 percent of those who receive these fraudulent e-mails are responding, giving thieves personal information that puts the consumer’s financial accounts and credit history at serious risk.

Retailers can take steps to protect themselves and their customers from phishing scams. The first step is to understand them.

In this scam, thieves act as if they are representatives of an organization or business and try to “hook” a consumer into providing personal information. With that information, the thieves can access the consumer’s financial data, apply for loans or credit or make large purchases with no intention of paying for merchandise.

Here’s how it works: Consumers receive an e-mail (or, less commonly, a phone call) that appears to come from an organization with which they do business, typically a bank, credit card company or retailer. The e-mail often includes bogus appeals such as problems with an account or billing errors and asks the consumer to confirm his or her personal information.

The appeals can sound quite credible to consumers, with phrases like “We’re updating our records,” “We’ve identified fraudulent activity on your account” or “Due to a computer problem, we lost valuable account information.” To encourage people to act immediately, the e-mail sometimes threatens that the account could be closed or cancelled.

Most e-mails ask recipients to follow a link that takes them to a near-exact replica of the victim company’s website. Graphics on the counterfeit site may be identical, and the site may be so convincing that even experts have difficulty telling the fake site from the real one.

Consumers should never respond to unsolicited e-mails that direct them to divulge personal or identifying information. Reputable organizations generally do not request account numbers or passwords unless the consumer initiated the transaction.

What you can do

While you might be outraged that someone has created a phony website that mimics your store’s website, it’s impossible to prevent fraudsters from creating such sites and difficult to remedy the damage to your brand through the legal system.

The best protection against phishing and other Internet scams is education.

• Inform your customers—on your website, on billing statements and with signs in your store—that you will never contact them to ask for personally identifying information.

• Train your staff on the issue.

• Ask customers to contact the store if they receive e-mails from someone appearing to represent the store and asking for personal information.

• If you use an e-newsletter to communicate with customers, include a brief article informing them about phishing and telling them what to do when they receive a suspicious e-mail (do not respond; report it to the store).

• Be prepared to answer customers’ questions about what your company is doing to protect their private information. While it’s important to reassure your customers that you have programs in place to protect their information, it’s also important to educate them about their responsibility in keeping their personal and financial information secure.

• Victims of phishing—or even those who suspect they are victims—should call the bank, credit card company or retailer that was involved and close their account immediately, explaining the reason. Their second call should be to the police. Last, but not least, they should report the incident to the Anti-Phishing Working Group at: www.antiphishing.org.
