Here at Consumer Federation of America we use a spam filter that catches dozens of phishing emails every day. But some still get through. Phishing is when an identity thief pretends to be from a company, organization, or government agency, and asks you to provide your personal information for some reasonable-sounding purpose, or tries to get you to click on a link that allows a thief to get into your computer remotely and steal account numbers and other information. Recently a staff person at CFA received an email that appeared to be the monthly bill from her wireless phone company. The amount of the bill was higher than usual, though, which caused her to look more closely at the message. She noticed that the sender’s address was “alerts@irs. gov,” which made no sense. A call to the wireless company confirmed that this was not her bill. If she’d clicked on the link to pay it, it probably would have taken her to a fraudulent website made to look just like the company’s, where she would have provided her credit card number. Spyware might also have been installed in her computer.
CFA’s spam filter contained several more emails purporting to be from the same wireless company, with sender addresses that were in some cases very similar to the real address the company uses. It’s unclear why these messages got snagged in the spam filter and the more obviously fraudulent one got through, but it’s a reminder that filters are not foolproof – consumers have to be vigilant to protect themselves from phishing.
The creativity of identity thieves is boundless. This summer there have been reports from around the country of people being duped into providing their Social Security numbers and other personal information by scammers claiming that a special government assistance program would pay their utility bills. Some of these approaches have been made by email, but other methods have been used as well, including tweets, messages on social networking sites, and even door-to-door solicitations. With record high temperatures in many places and correspondingly high bills for air conditioning, a helping hand from the government sounds great. There are legitimate programs that assist low-income people with their utility bills; if you think you might qualify, contact your state utilities department for information. But be wary of anyone who contacts you out of the blue asking for your personal information, for any reason. Two good resources about phishing are the Anti-Phishing Working Group and the federal government’s OnguardOnline website.