1. Money
You can opt-out at any time. Please refer to our privacy policy for contact information.

Phishing Can Lead to Identity Theft

Forwarding Spam Helps "Harvesters" Track Emails

By

Phishing Can Lead to Identity Theft
Getty/James Lauritz

You might want to Think twice before forwarding an e-mail – especially if it has been forwarded many times. “Phishing”, trying to trick people out of personal information, sometimes uses programs called e-mail harvesters to track these emails, and save the information in a target list. It’s not just a matter of spam, which is annoying enough, but you could be putting your friends, family and co-workers at risk of identity theft by passing along a phishing scam.

Before phishing attacks were well-publicized, I used to get emails like that all the time. All my friends thought I was a big stick in the mud because I asked them to stop. It took a couple of years before my inbox eventually became manageable. But it was a consistent effort on my part and I have to admit a couple of friends decided it wasn’t worth sending me e-mail period.

You know the emails I’m talking about. Most of them are emotional pleas to help, and we all like to help. But forward an e-mail to everyone you know, and somehow a child in some far-off country you’ve never heard of will be better off? Sometimes they contain inspirational slide shows depicting beautiful scenery, or something of spiritual significance. Sometimes they have interesting information concerning politics, computer safety, world events, most of which are half-truths at best. (A friend sent me one recently that said Mars was going to be as big as the Moon to the naked eye. Wow, really?) Others, in the form of a petition, ask you to sign the e-mail as well by putting down your name and phone number to validate against voter registrations.

If you are interested in whether or not an e-mail contains accurate information, you can always check out Snopes. This site is dedicated to debunking false information in these spam emails. It will come as much of a surprise that most of these are completely false. In fact, if you go there regularly you will be more surprised when something is actually true. And by the way, online petitions don’t mean anything – to be accepted all petitions must contain the signature by hand.

What most people don’t realize is that when they forward these emails to all you, they are usually also sending a copy to an e-mail harvester, a program designed to collect e-mail addresses. Each e-mail address is dropped into a database, and stored for later use. The list may end up in the hands of another spammer, but more frequently they are sold to “phishers” – people who actively try to get your personal information in order to defraud you, or steal your identity. The more information they have, the more authentic they can make the e-mail sound.

Phishers create emails that look quite official. It’s easy enough to steal graphics from someone’s web site, and they collect them from everywhere; UPS, Bank of America, Victoria’s Secrets, you name it. It’s easy enough to delete something if you know what doesn’t apply to you, like if you only use FedEx, you know the UPS thing is a hoax. And of course you know that official notices like subpoenas, summons, warrants and notification of tax audits never come through e-mail. It’s tougher to figure out, though, if the e-mail appears to come from Chase, and I happen to have a Chase account. Clicking on a link in this e-mail takes you to a site that probably looks exactly the same as the authentic site. The only way to be sure is to check the address bar of your web browser. But the safest bet is not to click the link at all. It’s far better to just open up your browser and type in the website.

In other form of phishing uses the telephone, and there’s usually somebody official-sounding on the other end. Sometimes they’re very aggressive, telling you in a very cold, matter-of-fact tone that their job is to notify you that there is a warrant out for your arrest. They might say you’ve missed jury duty, and when you tell them you never received a notice in the mail, they ask you for your Social Security number to verify their information. Often, you are so flustered that you give it to them without even thinking, and then it’s too late. “Oh,” they will say, “I see what the problem is!” Your name must have gotten mixed up with the person above you in the list, they would get the warrant canceled, and they are so sorry for the confusion. They feel badly, and want to make it up to you. They tell you your name comes up next month. They explain jury pay it is now deposited electronically. When you come in next month you will have to stop by and fill out some papers, but they will save you the trouble and do you a favor by going ahead and putting in your bank account information now (but they might explain they are breaking a rule for you in order to do it.)

It’s hard for most of us to imagine anyone would fall for this today. But phishers don’t have to get a big response in order to be successful. If they call for a week and only one person gives them this information, it can be worth thousands of dollars in stolen goods to them. And telephone phishers are just as active as the ones that do spam emails.

Knowing what information to protect, and beening watchful for the 8 types of identity theft are still the best defense you can provide for yourself and your family when it comes to identity theft.

And maybe stop forwarding those emails.

  1. About.com
  2. Money
  3. Identity Theft
  4. Identity Theft 101
  5. Identity Theft and Phishing – Forwarding Email Can Help Phishing Efforts Lead to Identity Theft

©2014 About.com. All rights reserved.