From wikipedia.org
Phishers are targeting the customers of banks and online payment services. E-mails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers. While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus e-mails accordingly. Targeted versions of phishing have been termed spear phishing. Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.
Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft; in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details. Experiments show a success rate of over 70% for phishing attacks on social networks.
Attackers who broke into TD Ameritrade’s database (containing all 6.3 million customers’ social security numbers, account numbers and email addresses as well as their names, addresses, dates of birth, phone numbers and trading activity) also wanted the account usernames and passwords, so they launched a follow-up spear phishing attack.
If you think you’re the victim of phishing report the incident. Contact your credit card company if you have given out your credit card information. Reporting that your account may be compromised and closing the account should be your first step. The sooner a credit card issuer knows, the easier it will be for them to help protect you.
Send the entire fraudulent message to the company that’s been misrepresented. Remember to contact the organization directly, not through the e-mail message you received. Find out if they have a special e-mail address to report such abuse.
You can also report the phishing scam to the Anti-Phishing Working Group at reportphishing@antiphishing.org and to the FTC at spam@uce.gov.
Please be suspicious of all email messages, even if it looks like it came from someone you know.
Statistics
USA Banks Targeted:
American Express
Bank of America
Banknorth Group
Bank One
Citibank
First Union Bank
First USA
Fleet Bank
MBNA
US Bank
VISA
Wells Fargo
Top Ten Phishiest Countries
1 Comoros
2 Sri Lanka
3 Turkmenistan
4 Nicaragua
5 Bangladesh
6 Iran
7 Romania
8 Palestine Territory, Occupied
9 Laos
10 Pakistan
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
“Verify your account.” Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail message from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam.
“You have won the lottery.” The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft. There is no Microsoft lottery.
“If you don’t respond within 48 hours, your account will be closed.” These messages convey a sense of urgency so that you’ll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.