Security experts warn of the potential severity of falling for phishing scams, claiming the data pilfered from these scams can not only result in financial loss, but in stolen personal information. This loss of financial data and or personal information can lead to identity theft and ultimately a whole heap of bad credit history for the victim. We have featured this topic in aid of National Cyber Security Awareness Week 2012.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

Tech publication, Computerworld warned readers this week of the growing threat of very clever phishing scams currently out there, threatening the personal information of PayPal Australia and American Express Australia customers. The four-month email phishing campaign has been targeting those customers with legitimate looking emails and one click could leave them vulnerable to identity theft. The article, PayPal, Amex phishing: What you need to know reveals some advice from top security experts on what this could mean for consumers. But before we delve into what the experts say, let’s look clarify how phishing scams work.

The ins and outs of phishing scams

Phishing scams are generally emails or text messages which impersonate genuine companies in the hope of tricking victims into giving out their personal and financial information. They can appear to come from banks, big companies and in the most recent cases, PayPal and Amex.

The aim of phishing is to steal information like bank and credit account numbers, passwords, and other crucial personal data.

The ACCC’s Scamwatch website warns that phishing emails are not easily distinguishable from genuine corporate communication:

“Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution’s logo and message format, which is very easy to do. It is also common for phishing messages to contain links to websites that are convincing fakes of real companies’ home pages.

The website that the scammer’s email links to will have an address (URL) that is similar to but not the same as a real bank’s or financial institution’s site. For example, if the genuine site is at ‘www.realbank.com.au’, the scammer may use an address like ‘www.realbank.com.au.log107.biz’ or ‘www.phoneybank.com/realbank.com.au/login’.”

What happens if people fall for a phishing scam?

In the Computerworld article, Doctor Jon Oliver, Trend Micro Australia global threat researcher warns that phishing scams were designed to infect computers through virus-containing links in the emails.

“If a user gets infected then they may suffer direct economic loss because the malicious payload of these phishing-like schemes is to infect the user with financial Trojans and information stealers,”…

Aside from potentially gaining access to credit card details, Oliver said the BlackHole exploit kit spam runs were infecting users with malware, leaving the users and companies open to ongoing damage until the systems were cleaned or re-imaged…

“The types of damage can include stolen usernames / passwords, fake anti-virus attacks or data theft,” Mr Oliver said.

The article also features warnings from IDC Australia senior market analyst , Vern Hue. He said that companies needed to be extra vigilant with security as the emails could prove to be an opportunity for cyber-criminals to deceive people into believing that emails and other communications came from a legitimate source.

“However, once they click on a link, users will then be transported into a link that is hosted by malicious actors for the purpose of either stealing information, installing malware or duping users to part with their money,” Hue said.

“We need to be cognisant of the fact that cyber-criminal are crafting very authentic looking email communications.”

He recommended that organisations put in place formal business communication policies and guidelines around acceptable use of social media and financial services.

So aside from potentially having credit card details stolen, these scams can invade all the personal data on a person’s computer. What would such a virus find on most computers? Probably a whole lot of personal and financial information – enough for a clever and determined cybercrook to go about stealing the victim’s identity. A fake identity means fraudsters have access to their victim’s good name through their credit rating, and it means the victim has a whole host of difficulties in recovering their ability to obtain credit.

Vigilance against phishing scams

The Scamwatch website provides these tips for steering clear of phishing scams:

• NEVER send money or give credit card or online account details to anyone you do not know and trust.
• Do not give out your personal, credit card or online account details over the phone unless you made the call and  know that the phone number came from a trusted source.
• Do not open suspicious or unsolicited emails (spam)—ignore them. You can report spam to Australian  Communications and Media Authority. If you do not wish to report the message, delete it.
• Do not click on any links in a spam email or open any files attached to them.
• Never call a telephone number that you see in a spam email or SMS.
• If you want to access an internet account website, use a bookmarked link or type the address in yourself—NEVER  follow a link in an email.
• Check the website address carefully. Scammers often set up fake websites with very similar addresses.
• Never enter your personal, credit card or online account information on a website if you are not certain it is genuine.
• Never send your personal, credit card or online account details through an email

For help with recovering a damaged credit rating following identity theft, contact MyCRA Credit Rating Repairs directly on 1300 667 218 or visit the main website www.mycra.com.au.

Image above: David Castillo Dominici/ www.FreeDigitalPhotos.net