Sign In | Create an Account | Welcome, . My Account | Logout | Subscribe | Submit News | Contact Us | Home RSS

‘Phish’ on the menu for holiday shopping season

October 14, 2012
By CRAIG MOON ( , Times-Republican

Soon Iowans will be shopping for that special gift, and hoping it arrives in the nick of time. In this flurry of holiday activity, emails will be flying, and a few phish will be caught.

Nearly everyone has received a suspicious email. A new word has been coined to describe them.

"Phishing" is the process of sending fraudulent email, and though most people will ignore them, a few will take the bait and respond.

Those fraudulent emails are designed to play off emotions or fear with the goal of stealing your money, identity or both. They may appear to be from your bank, credit card provider or even from companies like Amazon and UPS.

"I received an email that looked like it was from UPS. If I hadn't looked closely, it would have fooled me," said Bob Holmes, a local resident. "With all the shipping that goes on at Christmas, this could fool a lot of people."

One way this scam operates is to induce the recipient to reveal information like passwords, banking, or credit card information. Another variant contains links in the body of the email that will direct a victim to websites that install malicious software that can track and steal information.

"It is difficult to prosecute perpetrators," said Geoff Greenwood, communications director for the Iowa Attorney General. "They are experts at hiding their tracks. Frequently they are from Eastern Europe, Africa and Asia."

Local police departments encounter this problem when they take crime reports, said Capt. Mike Hanken, with the Marshalltown Police Department.

"Legitimate companies should never ask for personal information by email," he said.

Hanken and Greenwood agree on the importance of a few preventive measures. You should not respond to unsolicited email, and never provide sensitive information through that medium. Don't click on links contained in the body of suspicious email. If the communication appears to be from a company that you have a relationship with, and requires a response, obtain the phone number or web address from another source like your statement. Then contact the company. Finally, promptly review all statements and report all discrepancies.



I am looking for: