NPR: How the 'Phishers' Almost Got Me

How the 'Phishers' Almost Got Me

It was that close — I was one mouse click away from possibly having my identity stolen. I had entered my user name into what I thought was my online bank account. Then at the last second, I happened to glance at the URL of the site I was visiting. It was not my bank's Web address, even though it looked just like my bank's home page. I realized that I was being scammed. I closed the browser window and thanked my lucky stars.

"Phishers" will do anything to steal the information they need to get into your bank account or into your credit cards. They almost got me because I wasn't paying attention one day and got careless.

Morning Edition's John Ydstie talked to me today about my "escape" and what people need to do to reduce their chances of falling into the evil clutches of these thieves.

Have you ever fallen victim to a scam? Any suggestions on how to avoid them?

9:02 AM ET | 08-24-2007 | permalink

Comments (Send a comment)

One tip that should be added to the list is to never click on a link in e-mail. Go to the site through your regular bookmark. If you really need to reset your password or pay a bill, you will find out about it there.

Sent by Steven Simon | 9:17 AM ET | 08-24-2007

I've fallen victim to this scam. As a customer of an online bank I once mistyped the domain of my bank by a single letter and entered my id/pw. Luckily, after the submit I realized that I had been a phishing victim since some of the images on the site were broken.

I called my bank immediately to report the issue and changed my password as well. Luckily, no one was able to steal any of my money.

Regarding the response of my bank to this incident - I was not terribly pleased with their response. They were slow to respond to my notification about this problem and didn't treat this issue with the seriousness that I felt it deserved.

Sent by Ed P. Gackston, III | 12:16 PM ET | 08-24-2007

Banks could put a stop to password stealing by phony websites if they made better use of the security infrastructure they already employ. The technology that secures your session uses something called Public Key Cryptography. Right now the bank has keys your browser can verify, but you probably don't have keys they could verify. If your bank issued a unique key pair to you with your online account, you could prove your possession of the keys without ever sending *any* secrets over the internet -- your password is used to unscramble your private key and never leaves your computer. I don't understand why banks aren't insisting on this.

Sent by Mark Wood | 11:10 AM ET | 08-25-2007

Unfair and deceptive acts against consumers, per the FTC ACT, include non-compliance with GLBA (Gramm-Leach-Bliley Act) whereby banks and credit unions are directed to (1) prevent fraudulent domain names and related fake web sites, email spam and phishing - all forms of corporate identity theft - and (2) post accurate privacy and security statements. Corporate Identity Theft, per the President's Identity Theft Task Force Report, is rampant due to non-compliance with GLBA thus exposing consumers to Unfair and Deceptive Acts. Boards of Directors are ultimately responsible for compliance and they are failing in this regard.

Sent by Beckwith B. Miller | 2:24 PM ET | 08-29-2007

Send a Comment

Comments are reviewed and edited by NPR prior to display. All comments will be read, but not all will be posted.

NPR reserves the right to read on the air and/or publish on its Web site or in any medium now known or unknown the e-mails and letters that we receive. We may edit them for clarity or brevity and identify authors by name and location. For additional information, please consult our Terms of Use.

E-mail this Page

Recipient's e-mail address:	» Up to twelve addresses, separated by commas.
Your e-mail address:
Your name:
Personal message (optional, 600 characters max):
Your NPR member station:	» List of local stations (PDF)
Are you a member of your local NPR station?	Yes No
Would you like to receive information from your local NPR member station? (see NPR's privacy policy)	Yes No
May we contact you with information about NPR programming and services? (see NPR's privacy policy)	Yes No

(Information collected by NPR will be used solely for internal NPR or NPR member station purposes and only if you selected 'yes' above. See NPR's privacy policy for more information.)

Tom Regan

Blogger

About Us

This year's election cycle has been one of the most exciting in memory. At the NPR News Blog we'll do our best to bring you interesting, informative -- and controversial -- stories from our own reporters and bloggers, as well as the rest of the best of the Internet and blogosphere. And we hope you'll let us know what you think as well.

Want to learn more? Be sure to read our Frequently Asked Questions and our discussion guidelines.