The text might say that if personal information isn't immediately disclosed, the account will be frozen or shut down. Another variation is an urgent warning that an account is under attack by hackers and the information is needed to "verify" the true account holder.
Money is sometimes used as a lure. For the last couple of years, fake messages supposedly from the Internal Revenue Service have promised recipients a tax refund. But to deposit this windfall, the individual's banking information is needed.
Some of the e-mails are laughably poor attempts at fooling the public. A recent one read, "Recommends banks to process Visa card to renew your data quickly before being delete your Visa card."
It's like spam from Yoda.
But a link on the e-mail led to a legitimate-looking Citibank Web page where banking information was requested. These simulated sites, which can be created using simple Web tools, are the second part of the phishing scam.
They can be so convincing that, in an academic study presented in 2006 at the Conference On Human Factors in Computer Systems, well-crafted phishing websites were able to fool 90% of participants.
Obviously, the public needs to be educated about phishing, which seemed to be the aim of an e-mail in wide circulation in England. It was addressed to customers of Barclays, one of the country's largest banks.
"Like other UK based banks, we are currently seeing very large numbers of 'phishing e-mails' in circulation," it said. "Many of these look as if they are from Barclays, typically encouraging you to click a link and type in your login details."
The e-mail went on to explain how phishing works and requested, "please spend a few minutes to upgrade to our latest security."
Then it gave the link to a website. And as you guessed, it was a phishing site, designed by scammers to get their hands on account information. The e-mail was a fake, but so polite.
At the very bottom it said, "We apologize for the inconvenience and thank you for your co-operation."
You could almost hear them laughing, literally all the way to the bank.
--
david.colker@latimes.com
--
BEGIN TEXT OF INFOBOX
No phishing
The banking crisis offers all too many opportunities for phishing -- fake e-mails sent by scammers trying to trick consumers into giving out personal financial information. Here's advice on the scam from the Federal Trade Commission.
* Don't reply to any e-mails asking for bank account, Social Security or other personal financial numbers. If you think the message might be legitimate, call the financial institution it supposedly came from and check.
* Don't click on links in questionable e-mails.
* Go directly to bank websites when necessary -- don't use Web addresses for these institutions that are not familiar.
* Review your bank statements, whether in print or online, regularly to check for unauthorized charges.
* If you think you've been scammed, visit the FTC's website at www.ftc.gov/idtheft for advice.
Source: Federal Trade Commission
