Been Phishing Lately?
Phishing is the attempt by an unknown, devious party to get you
to give up your personal information, such as user name, password,
social security number, credit card number, etc. You are
probably saying, "I would never do that, I am not that dumb."
You may not be dumb, but phishers are pretty smart. You probably
have seen their emails. Many have a subject that reads like:
- Your eBay account has been suspended.
- Paypal has a gift for you for updating your information.
- Citibank would like you to update your account.
- Bank of America security notice - your account has been
- Your credit card has been stolen; log-in to your account
The subject of the email might read as follows (taken from
emails I actually received):
- Your account will be suspended unless you immediately
update your information to conform with the company's new
- We believe someone has been forwarding money to
terrorists from your account. Please log-in immediately.
- A small portion of our database was corrupted, including
possibly your account information, please visit our web site
to make your data is correct.
- Your checking account is frozen until you update your
account with the most current information. Failure to do so
will result in closing your account. Respond in 24 hours.
- Thank you for taking the time to update your account. As
our thank you, we will credit $10 to your account when you
are finished. Thanks for trusting us and guarding the
security of your account.
Then the body of the email has the logo and address of eBay
or the corresponding bank.
Even the link text might say "ebay.com/security.html", yet the actual
URL is a numeric IP address (something like 216.25.89.06),
which goes to an overseas web site. When you click on the link
and arrive at the site, you will find that the fraud
perpetrators have copied the eBay or bank site exactly, EXCEPT
it is on the server of the phishers. So when you go to log in,
they get your user name and password. Then you assume you have
successfully logged in as you are directed to an "Update your
account information" page, where you might enter your mother's
maiden name, social security number, and other sensitive data.
You do this thinking, because it looks like the bank site, that
you are actually on the real site.
Next thing you know, you are getting calls from your bank and
credit card company about excessive charges, credit lines being
applied for and wire transfers. You've been phished!!
If you think it can't happen to you, it can. My neighbors are
both professionals with college degrees, yet they unknowingly
responded to what they believed was an inquiry from their bank.
They entered a substantial amount of personal information and
two days later had an urgent call from their bank detailing a
massive amount of action in their account.
Could Phishing Get Any Worse?
For my neighbors, it actually got worse... Apparently when they
went to the phish-site, a key logging program was secretly
uploaded and installed on their computer. All of their
keystrokes were being captured and sent to the phishers. The
keystroke software is designed to recognize a credit card
sequence of numbers, so even though the neighbors never gave
their credit card numbers to the phish web site, they
subsequently bought something online and entered their credit
card number. The credit card numbers, complete with expiration date and
address, were sent to the phishers as well. Within minutes the
phishers were using my neighbors' credit card and ordering items
to be sent to small cities in Poland and Russia.
In some cases the phishers gain access to your email account and
re-route your email to them so they can remove any alerts, then
resend the emails to you so you don't know your email has been
How Phishing Hurts Your Online Mortgage Business.
Now how does this relate to your mortgage web site? As more
people learn about phishing, they become less trustful of sites
asking for sensitive personal information, such as the specific
data your mortgage company might require. It may cause potential
applicants to not want to complete comprehensive online forms,
especially if the form is not secure (a secure page starts with
https://). If a customer feels unsure about your site, they
might just leave.
We are suggesting that our clients install basic forms with just
enough information to allow the initial contact from the
customer to the company. We then suggest a follow-up call or
email from the company to help assess the customer's specific
needs. Once the confidence level is established, you can email
your comprehensive online form URL and have a greater
probability that the customer will complete it.
There is another advantage to initially offering a short form:
you will get more potential customers to apply. It is easy, fast
and poses a minimum amount of risk for the visitor.
Has Your Computer Been Compromised?
It is possible that you have had key logging or adware (spyware)
software installed on your home or business computer without
your knowledge. Some possible signs that you have been
- Your computer is running slower than normal.
- You have pop-up blocker software, yet you still get
- Your normal home page when you open your browser has
changed, without you changing it.
- You have an additional toolbar showing at the top of
your browser allowing you to search the net.
- Mysterious search results appear that are unrelated to
what you searched for, i.e. casino or sex related sites.
What Can You Do To Check Your Computer?
In addition to your anti-spam program for your email, you
can install anti-spy software. We run two sets of anti-spy
software on our company computers. One is a top-rated
program and the other is by one of the largest software
companies in the world. Surprisingly, (maybe not so
surprisingly) each has found spyware that the other
failed to find. Both of these programs are being updated
almost weekly to keep pace with the spyware programs. We
have both programs auto-run every night at 3 a.m. to check
for new additions.
We also switched over all of our browsers to Mozilla Firefox
as most of the spyware programs exploit flaws in the
Microsoft Internet Explorer browser.
I suggest that you do NOT do a search for anti-spy software
at a search engine because many phishing companies create
fake anti-spy sites so when you go there they can upload spy
software to your computer. Instead, find the online versions
of computer magazines and read reviews to determine which
software is best for you.
By understanding the problems that face your potential
customers and their internet experiences, you can better
design your web site and respond to their concerns. In this
way you can land the big one without being phished.
Rod Aries and Robert Farris are co-founders of MortgagePromote.com, a leading Internet marketing provider to corporate mortgage clients.
Web site: www.mortgagepromote.com