I have definitely been sent an attempt at phishing, (I know it is phishing because it came from Gambia and I won't reply to them) but where can I (report) these?
This question was answered on November 16, 2007. Much of the information contained herein may have changed since posting.
Phishing as defined by Webopedia as: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Generally, the e-mail attempts to get the victim to click on a link that represents itself as a bank or popular online commerce site asking for “confirmation” of key identification information.
Phishing has been around long enough that most seasoned e-mail users are able to spot a suspicious message so the bad guys are continuing to become more creative If you want to test your ability to sniff out a phishing scam, take the very informative test from Sonic Wall at www.sonicwall.com/phishing.
Since gathering information for identity theft via the Internet is both safer and more productive for organized crime, the incidents of cleverly (and poorly) crafted e-mail messages have been on the increase
And, unfortunately, the number of people falling for these scams is great enough to encourage identity thieves to create new scams every day.
According to the statistics posted at marshal.com, Europe is far and away the leader in production of phishing scams (over 60% originate in a European country) and Russia continues to be the single largest source of phishing scams.
Ebay and Paypal are the most commonly used brands in the scams, but virtually every financial institution is now being spoofed in an attempt to catch folks off guard.
Reporting any phishing scam will help to shut down the offending website, but it will rarely result in the capture of a criminal The average phishing site is only up for a short period of time, ranging from a couple of hours to a couple of days and is very difficult to trace back to the hacker that created it.
Most phishing sites are hidden on vulnerable web servers, so when they are reported, the unsuspecting host is notified that they are participating in the scam and it is taken down quickly.
There are a number of places that you can report suspected phishing scams including: your own ISP or mail service, www.antiphishing.org, www.fraud.org or by sending the message directly to the Federal Trade Commissions reporting mechanism at [email protected] (phishing scams are considered deceptive spam).
But the most important group to send the message to is the company that is being fraudulently represented in the scam message Just about every company has an info@NameOfCompany or spoof@ or fraud@ that you can send a copy of the message to.
In order to be of the most help, you must send the original message along with the message header, which can not be done if you simply forward the message.
The best way to send the message with the header included is to send it as an attachment to a new message This can be done in most e-mail programs by clicking and dragging the phishing message onto the attachment section of a new message.
This is only possible on stand alone e-mail programs like Outlook, Outlook Express, Netscape or Thunderbird, so those that use any form of webmail (Yahoo, Gmail, Hotmail, etc.) should search for help on “forwarding messages with header info” at the support website for their service.
About the author
Ken Colburn of Data Doctors on November 16, 2007