Phishing to Catch you Hook, Line, and Password

Identity theft is the fastest growing crime in America. Sure it is. And you've heard that so many times the words lull you to sleep.

But wait. Before you nod off again, listen to this: You are more vulnerable today than ever before. While you've been snoozing, identity thieves have been working tirelessly to come up with slicker ways to rip you off.

It's time to wake up. Pay attention!

Identity thieves do their dirty deeds by phishing on the Internet. Phishing is the term coined by hackers who imitate legitimate companies. They send out personal emails that appear to be from trusted financial institutions like your bank or credit card company. But when you respond you're taken to a bogus site that appears to be official, but in truth collects account numbers and passwords.

Nearly two million Americans had their checking accounts raided in 2004 as a result of phishing. The average loss per incident was a whopping $1,200-more than $2 billion total in a single year.

Your first reaction may be to close your accounts, cut up your credit card and return to the personal finance dark ages. But truth be told, there are plenty of ways for thieves to access your traditional checking account, steal you blind and assume your identity. It's not only the Internet where identity thieves hang out.

Personally, I enjoy the convenience of conducting my finances online. It makes more sense to beef up my personal security and take precautionary steps than to go back in time.

These are the steps you should take to make sure your personal accounts are not compromised:

Learn to spot a phish. These are unsolicited messages from trusted banks, retailers and other companies asking you to do something. Citibank is targeted more than any other business.

Don't click. If you receive an unexpected email saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the email message. Email links within instant messages, Web message boards and Internet relay chats (IRC) also can be malicious.

Look for the "S." Before submitting personal information, look at the address bar on the page where you type your information. It should start with https://. If you see only "http://" on that page (not that site's home page), do not proceed. "S" is for "secure" and assures you that your information is safe.

Verify. If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

Call immediately. If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.

Don't expose yourself. Never use a public computer or wireless "hot spot" for financial transactions.

Stay current. Beef up your security. If you run Windows (who doesn't?) run Windows Update (or similar if you don't) to keep current on the latest security patches. Go to, click on "Internet Explorer" then "Using Internet Explorer" and "Security and Privacy."

Block pop-ups. Pop-ups can install hackers' software on your computer. Many Internet service providers now have pop-up blocking software built in, or you can get blocking software from sites such as