June 9, 2006

Audio MP3(1.3 Mb) Audio Script

Video Quicktime Movie (6.1 Mb) Real Player (0.0 Mb) Video Script

COLLEGE STATION – The e-mails look official. They have logos and seem to be from such institutions as Amazon, PayPal, CitiBank, Wells Fargo and even the Internal Revenue Service. The message says something is wrong with your account and you need to update your personal information.

But don't believe a word of them, said a Texas Cooperative Extension expert.

They are ‘phishing' scams, said Dr. Joyce Cavanagh, Extension family economics specialist.

Fishermen put bait on a hook, toss it in the water and see what bites, she said. ‘Phishermen' do basically the same thing, only they are angling for personal information.

These e-mails and telephone calls come in various formats, but the hoped-for result is the same: the person who receives them will believe they are legitimate and will provide the asked-for personal information, Cavanagh said. The scammer can use that information to set up bogus accounts in the victim's name, stealing his or her identity.

"They are ‘phishing' for information," she said. "They are preying on your fears ... fears of losing money or accounts closing."

Phishing scams are nothing new, but some new varieties have been popping up lately, she said. For example, during the recent tax season, an e-mail appearing to be from the IRS made the rounds.

"During tax season people have a heightened awareness of anything related to taxes," Cavanagh said. "Even now (that tax season is over) people are still getting e-mail about a problem with their tax returns."

Another new phishing expedition involves supposedly missed jury duty, she said. This scam, which may be conducted over the phone, starts with a call from someone who claims to be from the courts. The victim, who was never really called for jury duty, is told ignoring the summons can result in legal action. That's when the caller requests verification of personal information to ‘make sure' the caller contacted the right person, and the victim – who still thinks the call is from a real official – provides what is asked for.

"Personal information such as account numbers and Social Security numbers will help someone steal your identity," Cavanagh said.

MSN Money recently published a story from BusinessWeek which reported on a new e-mail scam that also involves threatened legal action. According to the article, the e-mail sender threatens to sue the receiver over "alleged junk fax." The e-mail tells the receiver that the lawsuit will be dropped if she or she sends $500 by payment deadline and includes details of the lawsuit in an attachment.

That attachment carries a computer worm called Bagle, the article continues. When the attachment is opened, embedded code is released into the victim's computer and copies all the e-mail addresses listed. The worm then uses that list to send out even more spam.

Opening attachments from unknown e-mail senders is never a good idea, Cavanagh said.

"Once downloaded, the attachment can install spyware that communicates back to the sender so it can monitor your passwords," which is another way scammers can access your personal information, she said.

Other scams appear to come from legitimate businesses or real financial institutions, Cavanagh said. These e-mails even use official-looking logos and language, so getting caught by one is easy, she added.

Her advice: "Never ever give out your personal information if you have not initiated the call or e-mail yourself. Never respond to an e-mail message or a link in a message."

If you have an account with a company that appears to have sent you a questionable e-mail, call the toll-free number on your account statement or go to a new Web browser and type in their address yourself, Cavanagh said. That will let you verify whether the e-mail is legitimate or not.

The bottom line, Cavanagh said, is "no legitimate business or government agency will ever ask you to verify your personal information by e-mail or a phone call. They might ask you to go to their Web site and update your information, but no (e-mail) link is necessary."

Some common-sense steps can help keep personal computers safe from these phishing expeditions, she said.

"Make sure you have a firewall, especially if you have DSL or cable Internet or leave your computer on all the time," Cavanagh said. "Firewalls prevent other computers from getting access to your computer."

Also, make sure to have virus protection and spyware protection and update both regularly, she advised.

And be aware of how your computer is used, she said.

"You need to be very careful about who has access to your computer and what they are using it for," Cavanagh said.

And remember, she said, if a phishing expedition comes around, don't take the bait.