Oregon Department of Justice

Fake e-commerce sites touting last minute, bargain holiday gifts are the newest "spoofs" used by identity theft scammers "phishing" online with phony messages in order to steal consumers' financial information, according to Oregon Attorney General Hardy Myers.

Internet investigators explain the holiday "phishing" scam as follows: Oregonians searching on the Internet for last minute, bargain presents will click on a link and are directed to a legitimate-looking web page with instructions to "click here to download images" of what they want to buy. Consumers are tricked into downloading a file that takes control of their computer or it allows identity thieves access to their personal information.

"The most common "phishers" are using spam, pop-up messages and "bubbles" to lure Oregonians into believing that the requests for information screens are legitimate and from trusted business or government organizations when, in fact, they are not," Myers explained.

"And if that isn't bad enough, these same high-tech, flim-flam artists are going back to earlier victims and "re-loading" them with second and third "spoofs" that appear to warn Internet users of the first scam."

APWG, a national anti-"phishing" group, reports a 100 percent increase in the number of "phishing" sites between September and October 2004 and an estimated 80-100 new "phishing" websites appear daily. APWG is online at www.antiphishing.org.

The more typical "phishing" scam begins when Internet users receive an email or pop-up message that claims to be from a business or organization that is familiar to them such as their Internet service provider (ISP), banks, government agencies, auctions and online payment services. The message usually asks for an information "update" or validation of an account number. Sometimes it threatens some dire consequence for failure to respond. The message directs consumers to a bogus website that oftentimes is an exact duplicate of the real thing with a slightly different web-address. Oregonians are then tricked into divulging personal financial information, which is either sold or used to run up bills or commit crimes in the consumer's name.

Some of the legitimate companies being used by "phishers" to recreate valid-looking, e-mail correspondence are AOL, PayPal, eBay, US Bank, Citibank and SunTrust Bank.

Attorney General Myers suggests the following tips to avoid being hooked by a "phishing" scam:

• Never reply or click on a link in an email message that asks for personal or financial information. Legitimate companies don't ask for this information via email.
• If you are concerned about your account, directly contact the organization named in the email by using a telephone number you know to be genuine. You also may contact them by computer by manually typing in their official Internet address on your browser.
• Email is not a secure method of transmitting personal or financial information. If you initiate a transaction and want to provide financial information through its website, look for indications that the site is secure such as a lock icon on the browser's status bar or a URL for a website that beings with https. Unfortunately, no indicator is foolproof; some "phishers" have forged security icons.
• Always pay with a credit card, not a debit card. Federal and state laws protect you against unauthorized use of your credit cards. Never wire money unless you personally know who will receive it.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
• Use anti-virus software and keep it up to date. Some "phishing" emails contain software that can harm your computer.
• Report suspicious activity to the Federal Trade Commission by forwarding spam that is "phishing" for information to spam@uce.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft to learn how to minimize your risk of damage.

Oregon consumers wanting more information on ID Theft and consumer protection in the state may contact the Attorney General's consumer hotline at (503) 378-4320 (Salem area only), (503) 229-5725 (Portland area only) or toll-free at 1-877-877-9392. Justice is online at www.doj.state.or.us.