The endless barrage of spam assaulting your mail account is bad enough. But most spam is quite obviously spam. We've all learned to almost instantly recognize a spam message when we see it. However, an increasingly frequent and dangerous trick is known as "phishing," and it's a bit worse than your average get-rich-quick spam message. The result is over 1.2 billion dollars in fraud in less than one year.

Phishing is a form of fraud that involves tricking you into thinking a message is from a legitimate sender and then leading you to a bogus (but very convincing) site where you are prompted to enter sensitive personal data such as credit card or account numbers, social security numbers, or passwords. The purpose of such scams is not hard to imagine. The perpetrators wish to steal money from your accounts, commit crimes in your name, or even steal your identity. According to antiphishing.org, up to 5% of recipients have fallen for the trick. It's easy to see why: at first glance, the messages can appear to be real, even to a seasoned internet user.

A phishing message will most likely have the logo of a legitimate company, and the "From" address may also appear to be from the real company. In some rare cases, the URL shown in the browser's address field may even display the domain of the legitimate company.

Two infamous phishing scams that have circulated a lot during the past couple of years involve eBay (example) and PayPal (example), and it is now increasingly common to see similar scams relating to online banking. The gist of the message is usually something along the lines of "there is a problem with your account and we need to validate your information" or "your account information needs to be updated." Those phrases should trigger suspicion just as readily as "1.ast CHan.ce 2 SAV Now!!"

Phishing is a growing risk, and lawmakers and companies have started to fight back. Microsoft recently donated both money and a paid analyst to the National Cyber-Forensics and Training Alliance (NCFTA). In July, the Identity Theft Penalty Enhancement Act was signed into law. The act imposes prison sentences for individuals using someone else's identification data for criminal purposes. An additional bill proposed July 9 by Senator Patrick Leahy of Vermont would also provide prison terms and stiff fines for those convicted of phishing.

To protect yourself, do not open links in email or instant messages that ask for personal or financial information. It is unlikely that legitimate companies will ask for such information via email (and if they do, you should complain). If you are in doubt as to the authenticity of a message, you should call the company in question to clarify. You can also type the company's URL directly into the web browser instead of clicking a link from a message to ensure that you are going to the company's real website.

If you suspect that you have been the victim of a phishing attack, you should immediately contact the actual bank or store by telephone and explain the situation. You can also report possible scams to the Better Business Bureau at http://www.bbbonline.org/idtheft/ or the Federal Trade Commission at http://www.ftc.gov/.

Finally, you can help make the internet safer for us all by educating your colleagues, family and friends about the dangers of phishing scams.

Author Name: Rebecca Wyatt
Author Email: chris@pixicom.com
Author Website: http://www.pixicom.com