Phishing and pharming
Two words which might be new to you but which you may have run across recently, so here's what they're about.
Phishing is a new type of scam in which you are presented with a message in an email with a link to click, or you may get a popup window. Some of these may simply be spam but scammers know that so they disguise the phishing as a real-looking link or popup. These links may come from something familiar or famous like a bank, the FBI, etc. I even got one from the CIA once. Oh yeah.
The usual bank scenario is something about the urgent need for you to update your online account. That's kind of hard to do if you've never even heard of the bank before. Even if you do get such a message from a bank where you actually have an account the email you received is NOT from your bank. Real banks don't require you to update anything and even if they did it would be from their webpage not from an email. The email may use the bank logo and look real but that just means the scammer can copy a .jpg or .gif file and paste it into the email.
If you click the link you're going to end up in an evil place you don't want to be. That's because the scammer is going to ask you for all kinds of personal information, maybe your credit card info,address, phone number, social security or other identifying number, and so on. The scammer/criminal (or phisher) then has enough information to possibly access your bank account or maybe enough information to get a real credit card in your name. It happens. Hence the best thing to do with such an email is to delete it. It's not real and the bank isn't going to close your account.
Pharming is an even more evil beast. This is when a scammer/criminal actually hijacks the domain name. This can be done a couple of ways. The first is to create a domain name that looks similar to the one of a real bank, company, or governmental entity. You can go there but it's a danger zone and you really don't want to do that. If in doubt, go to http://www.google.com/ and type in the of the bank, etc that you have. If it's a real bank, etc their domain and their real webpage should be about the first thing you find. If you compare the domain name you find with the one you are given by the scammer and they aren't the same, don't go to the one the scammer sent you! Don't open that webpage. Needless to say, if you do, you're going to give away a lot of personal information and that is not good.
Another method of pharming is to actually click something that installs some form of spyware on your computer. Even if you are trying to go to your real bank website the spyware may redirect you to the fake or spoofed website. And if you type in your real information...you can guess what happens, and it's bad.
It is illegal.
Yes, governments have discovered that this is happening and many have made either phishing or pharming a crime with criminal penalties attached, like fines and prison time. In the US that can be a fine of up to $250,000 and/or up to 5 years in prison. (Probably current law but don't quote me on that). Others governments have done likewise. The problem, as always, is enforcement. The phisher/pharmer has to be in that country, it has to be proved that the phisher/pharmer instigated the attacks etc. In the US, a law has also been passed to criminalize identity theft.
What should I do?
The first thing is really simple: delete that email. Don't even open it especially if you don't know that bank. if you do open it accidently, don't click any links in there.
You can also post the email at AFI in the Phishing section here. That's why we put it there.
Another thing is to contact an admin and let us know the fake domain you have received. We can work on those the try and get them killed. This can prevent someone else from becoming a victim of a phishing/pharming attack. It also makes the scammers angry because it costs them money and time to make those fake websites. That's OK by me.
"If the law can do nothing we must take the risk ourselves...I am not the law but I represent justice..."- Sherlock Holmes