Gone Phishing: Dealing with Internet Thugs

By Gail Perry
 
Have you ever received a message in your e-mail inbox that looks like it comes from a reputable company, like a bank or some other financial Web site or even the Internal Revenue Service, but there's something a bit amiss about the message – the company is asking you to enter your password or username or it's asking for a PIN or Social Security or credit card number - information that company should already have. This attempt to collect information while posing as a recognizable company is known as phishing.
 
Sometimes phishing messages try to scare you by telling you that an account is overdrawn, a tax return is about to be audited, a payment has been charged to your credit card, an account has expired, or your password has been invalidated.
 
With phishing, someone or some company is betting that if they send out thousands or even millions of deceptive messages, a small percentage of people will believe the message is from the reputable company and will supply the requested private information. After all, it seems reasonable to provide a bank with your PIN number, right? You use it every time you go to the bank machine – isn't this the same thing?
 
Of course it isn't.
 
Protect yourself from phishing scams
 
If you see one of these random requests for information, you should take one or more of the following steps:
 
  • Ignore the message.
  • Delete the message.
  • Do not click on any links in the message.
  • Do not click on any attachments that accompany the message.
  • Do not reply to the e-mail message.
  • Report the receipt of the message to the actual company (but not by hitting the "Reply" button – instead write the company directly through the company's own Web site, or call the company on the phone – however don't use a phone number that appears in the e-mail message).
  • Report the receipt of the message to US-CERT (United States Computer Emergency Readiness Team) at phishing-report@us-cert.gov.
  • If the company being phished is the Internal Revenue Service, report the incident to the IRS at phishing@irs.gov.
If you receive a phishing message and you can't tell if it's real or not, but you think it's a message that might be real, contact the actual company, tell them about the message, and ask them if they sent you a request for information.
 
It appears there has been a recent uptick in phishing reports in the past week, perhaps a harbinger of the holiday season. Just in the past week:
  • The Better Business Bureau has been used in a phishing scheme attempting to get e-mail recipients to click on potentially damaging hyperlinks and open attachments.
  • X-Box LIVE users have also received phishing e-mail messages attempting to get the users to share passwords, usernames, and credit card information.
  • Several Idaho residents received e-mail messages in the past week indicating a problem with a banking transaction and asking them to click on a link to attend to the problem. Once the user clicks on the link, the user's computer becomes infected with malware.
  • Delta Airlines has been used in a phishing scheme – e-mail recipients are told they purchased an airline ticket and their credit card has been charged and are given a link to where they can             verify the flight information.
 
AccountingWEB victimized by phishing scam
 
Members of the legal and financial community have received a phishing message in the past week purportedly from AccountingWEB, indicating that payment is due on an invoice for a premium member service, and asking the user to click on an attachment to see the invoice or click on a link to ask questions about the alleged invoice. As with the other phishing schemes described herein, the AccountingWEB INVOICE message is not a legitimate message, it should be deleted, and any attachments should be ignored.
 

You may like these other stories...

Event Date: May 29, 2014 In this presentation Excel expert David Ringstrom, CPA brings you up to speed on the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both...
No field likes its buzzwords more than technology, and one of today's leading terms is "the cloud." But it's not just a matter of knowing what's fashionable. Accounting professionals who know how to use...
There is a growing trend of accountants moving away from traditional compliance work to more advisory work. Client demand is there, but it is up to the accountants to capitalize on that. What should accountants' roles be...

Upcoming CPE Webinars

Apr 22
Is everyone at your organization meeting your client service expectations? Let client service expert, Kristen Rampe, CPA help you establish a reputation of top-tier service in every facet of your firm during this one hour webinar.
Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.