I mentioned phishing recently. I just got a phishing attempt in one of my email accounts so I have a good example to show.
The following email looks like it might be from eBay, but it is from an Internet criminal. The links in phishing emails usually lead to fake web sites where you are tricked into giving your credit card or other financial information. Notice how the email describes how you will need to update your credit card information.
Because this email is addressed to "eBay user" and not my real name, I know it is probably fake. Another clue that it is fake is that I don't have an eBay account. If I couldn't determine whether it were real or not, I would open a browser and type in http://www.ebay.com and login on the actual eBay site. Never click on links in these kinds of emails.
Phishing is a common form in Internet fraud, where criminals send you an email (for example) that pretends to be from a bank, PayPal, eBay, Amazon.com, or another web site. The emails often say things like, "Your password has been compromised. Please click here to login and update your password."
If you click on the link you are taken to a fake web site that looks just like the real thing. The criminals hope that you will enter your password and credit card information into their fake web site.
In a twist on the common form of phishing, a scam has been spotted where the criminal's web site asks you to type in your two-factor authentication code (example) and it automatically logs into your bank account with your credentials.
According to a Federal Trade Commission Report, "Internet-related complaints accounted for 46 percent of all fraud complaints."
In contrast, a study by Javelin Strategy and Research indicated that 9% of identity theft comes from malware and hacking. The Javelin study suggests that most identity theft happens offline, but that online identity theft can be more severe and harder to figure out:
"...per-incident losses for online fraud have increased from an average of $2,897 in 2004 to an average $6,432 in 2005 (an increase of 122 percent)...
Phishing scams also seem to take longer for victims to figure out: the average length of misuse of personal information resulting from a phishing scam was found to be 173 days. Personal information stolen by friends, family, or employees was misused for an average of 134 days, while lot or stolen credit cards were misused for an average of 75 days."
For more information on identity theft, visit the Federal Trade Commission's identity theft web site.