Crooks turn to new phishing tricks to bait victims: Internet Scambusters #490
Despite all the warnings, phishing continues to be one of the
main sources for identity theft.
Crooks stay one step ahead of users and even security experts
by coming up with a stream of new ideas to fool people into
disclosing personal information.
In this week’s issue we highlight four of the latest phishing
tricks, how to spot them and what you can do to avoid them.
However, we encourage you to take a look at this week’s most
popular articles from our other sites:
Donate to Charity Safely and Responsibly: Here are some basic tips to follow if you want to donate to charity without getting scammed.
Myths About Vegetarians That Deserve to be Busted: Read this article to clear up a few public myths about vegetarians that cause them trouble time after time.
Your Guide to Baby Shower Organization: Here’s a timeline to help you figure out how to organize a baby shower whether you have your eight weeks or not.
How to Avoid Gold Investment Scams: Find out how, given the amount of money involved, gold investment scams are inevitable.
Let’s get started…
Watch Out For These 4 New Phishing Scams
If you’ve ever been caught out by one of those trick questions
that have you kicking yourself when you realize you fell for
it, you’ll have some idea of what it feels like to be the
victim of a phishing scam.
You look back on the incident that led to you giving away
important confidential information about yourself and you
wonder how you could have fallen for it.
Well, one reason why people are still giving their information
away — and usually suffering identity theft as a result — is
that the crooks keep coming up with ingenious ways of fooling
you, by convincing you they’re genuine.
So, although we’ve written about the perils of phishing many
times, you can never let your guard down. There’s always
Of course, it’s always worth checking out some of those
earlier Scambusters back issues to familiarize yourself with
what phishing is and how it works:
It shouldn’t be any surprise to learn that 2012 has already
witnessed a whole new batch of phishing scams. Here’s just a
Phishing Email Targets Previous Victims
In this phishing scam, recently seen in Florida, crooks
pretend to be officials from IC3 — the Internet Crime
Complaints Center or from a government department —
investigating earlier scams.
They send emails asking if the recipient has previously been
scammed and, if so, to provide contact details so the
“investigators” can speak with them.
The crooks then call the victim, claiming to have recovered
the money they lost.
But, of course, the victim is then asked to provide key
financial information like credit card numbers or bank account
Or they’re told they have to pay a fee to release the funds
and must either give their card details or wire the bogus fee
to an untraceable person.
Action: This is a cunning phishing trick that quickly wins
victims’ trust. But it’s obviously a scam if you’re asked to
wire money or pay any kind of fee to recover losses.
It’s highly unlikely that IC3 or any other law enforcement
organization would ever approach people this way.
And, of course, you should never accept that someone who
contacts you is who they say they are.
Find out the genuine organization’s email address or phone
number independently — don’t ask the caller — and check out
the story with them.
Also look out for a similar type of phishing email claiming to
come from the Federal Deposit Insurance Corporation (FDIC).
Bogus Online Drivers Licensing
In New Hampshire and several another states recently, drivers
who went online to apply for renewal of their license ended
up on a phishing scam site that looked like the real thing and
fooled them into parting with important identity information.
They arrived at the sites by responding to a genuine letter
saying their renewal was coming up, then doing an online
After that, they simply clicked on a link that looked like it
must be the local DMV, then gave the information it asked for.
Action: In New Hampshire, and likely other states, the
reminder letter contains the correct email address for the
Even without this, all federal and state government sites have
the “.gov” extension at the end of the address.
And finally, if you’re being asked to part with financial
information, the browser should display a padlock and/or have
an address that begins with “https” (it’s the “s” part that’s
important — it indicates you’re on a secure website).
If in any doubt, get in your car and drive down to the DMV —
provided your license is still current!
Google Docs Phishing Scam
Do you ever use the online word processing or spreadsheet
programs provided by Google? If so, beware of these clever
They use supposedly helpful forms seeking your sign-on details
and other information.
The trouble here is that the bogus forms are actually hosted
on the real Google servers so they appear to be genuine.
They tempt victims into using them by appearing to offer
opportunities to upgrade your subscription or report a program
People search for them, use them, and give away their ID
Action: The only answer here is not to use forms in the public
area of Google docs that ask for your personal details.
Pinterest Phishing Scams
Pinterest is the latest darling of the social networking
world, which makes it the perfect target for a phishing scam.
If you don’t already know it, the site, as its name kind of
suggests, is an online corkboard where you collect and “pin”
images of things you like by category.
You can “follow” others too, for instance, friends or people
who share your hobbies and interests.
You can repin their pictures onto your board, and even pin
your pictures on others’ boards. Clicking on any of the images
will take you to the website it came from.
Membership of Pinterest is growing by thousands every day and
the scammers have picked up on this.
Their trick works by getting Pinterest users to spread images
linked to phishing sites.
Users may not realize they’ve been scammed and then repin the
phishing pictures on friends’ boards — or the friends
themselves pick them up.
They’re usually images promoting free offers or gift cards in
return for completing a survey.
Recent examples have used Starbucks Coffee, Coach leatherware
and Red Velvet cakes and, in at least one instance, claimed to
be a promo direct from Pinterest.
In every case, clicking the image takes you to a malicious
website that asks for personal details.
Action: Remember the “too good to be true” rule and,
generally, steer clear of supposed offers like this.
Read more about this scam on a blog posting at security firm
Trend Micro’s website: Survey Scams Find Their Way into Pinterest.
All of the phishing tricks outlined in this issue underline
one important fact — scammers are clever and creative people
who are experts at fooling others.
The best solution to avoid a phishing scam is to be constantly
vigilant and skeptical, and never give away personal
information unless you’re 100% sure of who you’re giving it to.
Time to conclude for today — have a great week!