Been Phishing Lately?

Phishing is the attempt by an unknown, devious party to get you to give your personal information, such as user, password, social security number, credit card number, etc. You are probably saying, "I would never do that, I am not that dumb." You may not be dumb, but phishers are pretty smart. You probably have seen their emails. Many have a subject that reads like this:

  • Your eBay account has been suspended.
  • Paypal has a gift for you for updating your information.
  • Citibank would like you to update your account.
  • Bank of America security notice - your account has been compromised.
  • Your credit card has been stolen; log-in to your account immediately.

The subject of the email might read as follows (taken from emails I actually received):

  • Your account will be suspended unless you immediately update your information to conform with the company's new anti-fraud measures.
  • We believe someone has been forwarding money to terrorists from your account. Please log-in immediately.
  • A small portion of our database was corrupted, including possibly your account information, please visit our web site to make your data is correct.
  • Your checking account is frozen until you update your account with the most current information. Failure to do so will result in closing your account. Respond in 24 hours.
  • Thank you for taking the time to update your account. As our thank you, we will credit $10 to your account when you are finished. Thanks for trusting us and guarding the security of your account.

Then the body of the email has the logo and address of eBay or the corresponding bank.

Even the link might say "ebay.com/security.html" yet the actual URL is an IP address of numbers (something like 216.25.89.06), which goes to an overseas web site. When you click on the link and arrive at the site, you will find that the fraud perpetrators have copied the eBay or bank site exactly, EXCEPT it is on the server of the phishers. So when you go to log in, they get your user name and password. Then you assume you have successfully logged in as you are directed to an "Update your account information" whereby you might enter your mother's maiden name, social security number, and other sensitive data. You do this thinking, because it looks like the bank site, that you are actually on the real site.

Next thing you know, you are getting calls from your bank and credit card company about excessive charges, credit lines being applied for and wire transfers. You've been phished!!

If you think it can't happen to you, it can. My neighbors both are professionals with college degrees, yet they unknowingly responded to what they believe was an inquiry from their bank. They entered a substantial amount of personal information and two days later had an urgent call from their bank detailing a massive amount of action in their account.

Could Phishing Get Any Worse?

For my neighbors, it actually got worse... Apparently when they went to the phish-site, a key logging program was secretly uploaded and installed on their computer. All of their keystrokes were being captured and sent to the phishers. The keystroke software is designed to recognize a credit card sequence of numbers, so even though the neighbors never gave their credit card numbers to the phish web site, they subsequently bought something online using entered their credit card. The credit card numbers, complete with expiration date and address, were sent to the phishers as well. Within minutes the phishers were using my neighbor's credit card and ordering items to be sent to small cities in Poland and Russia.


 

In some cases the phishers gain access to your email account and re-route your email to them so they can remove any alerts, then resend the emails to you so you don't know your email has been compromised.

How Phishing Hurts Your Online Mortgage Business.

Now how does this relate to your mortgage web site? As more people learn about phishing, they become less trustful of sites asking for sensitive personal information, such as the specific data your mortgage company might require. It may cause potential applicants to not want to complete comprehensive online forms, especially if the form in not secure (a secure page starts with https://). If a customer feels unsure about your site, they might just leave.

We are suggesting that our clients install basic forms with just enough information to allow the initial contact from the customer to the company. We then suggest a follow-up call or email from the company to help assess the customerís specific needs. Once the confidence level is established, you can email your comprehensive online form URL and have a greater probability that the customer will complete it.

There is another advantage to initially offering a short form: you will get more potential customers to apply. It is easy, fast and poses a minimum amount of risk for the visitor.

Has Your Computer Been Compromised?

It is possible that you have had key logging or adware (spyware) software installed on your home or business computer without your knowledge. Some possible signs that you have been compromised:

  • Your computer is running slower than normal.
  • You have pop-up blocker software, yet you still get pop-ups.
  • Your normal home page when you open your browser has changed, without you changing it.
  • You have an additional toolbar showing at the top of your browser allowing you to search the net.
  • Mysterious search results appear that are unrelated to what you searched for, i.e. casino or sex related sites.

What Can You Do To Check Your Computer?

In addition to your anti-spam program for your email, you can install anti-spy software. We run two sets on anti-spy software on our company computers. One is a top-rated program and the other is by one of the largest software companies in the world. Surprisingly, (maybe not so surprisingly) they each has found spyware that the other failed to find. Both of these programs are being updated almost weekly to keep pace with the spyware programs. We have both programs auto-run every night at 3 a.m. to check for new additions.

We also switched over all of our browsers to Mozilla FireFox as most of the spyware programs exploits flaws in the Microsoft Internet Explorer browser.

I suggest that you do NOT do a search for anti-spy software at a search engine because many phishing companies create fake anti-spy sites so when you go there they can upload spy software to your computer. Instead, find the online versions of computer magazines and read reviews to determine which software is best for you.

By understanding the problems that face your potential customers and their internet experiences, you can better design your web site and respond to their concerns. In this way you can land the big one without being phished.

*************************************************************

Rod Aries and Robert Farris are co-founders of MortgagePromote.com, a leading Internet marketing provider to corporate mortgage clients.

 Web site:  www.mortgagepromote.com

 

  


Mortgage Promote.com

Contact Us

Copyright © 1998 -

Site Map