In cyberspace, avoid phish hook

So-called phishing messages are the latest cyberspace scam, and they are surging with a vengeance into e-mail boxes across the country. By sending phony e-mails to thousands of electronic mailboxes, cyber crooks hope to lure you to a fraudulent — or spoofed — Web site where you'll be tricked into divulging personal information, such as your password and account number.

The Anti-Phishing Working Group, whose members include banks, Internet service providers and technology vendors, recorded 1,142 phishing sites last October, and it says that spoofed sites are multiplying at a rate of 25 percent per month.

There are measures you can take to guard against e-mails that aim to delve into your accounts.

"All the verities of computer hygiene are more important than ever," says Peter Cassidy, secretary general of the Anti-Phishing Working Group. That means having a firewall plus loading antivirus and anti-spyware programs on to your computer.

In addition, here are some tips that can help:

• Ignore e-mails urgently requesting personal information. If PayPal really needs to update your expired credit-card number, for instance, you'll be able to take care of it the next time you make a transaction.

"If you're suspicious, just delete it," says Sara Bettencourt, a spokeswoman for PayPal. "We'll get to you some other way."

• Never go to an online site by clicking a link in an e-mail. Open your browser and type in the company's home-page address.

• Be wary of e-mail offers that seem too good to be true, such as merchandise with unusually low prices and "free" items with small shipping fees. They, too, could be credit-card-number traps.

• Change your passwords frequently so that they'll be out of date if it takes weeks or months for thieves to use your data or sell it to others.

• Check your statements regularly and report fishy transactions right away. Theft from online accounts generally falls under Federal Reserve Regulation E, which says that financial institutions must limit your liability to $50 if you report a loss within two days of receiving your statement and to $500 if you report it within 60 days. In practice, most banks — as well as providers of electronic transfers, such as PayPal — reimburse customers in full when their accounts are raided in a phishing fraud.

• If you've taken the bait, call the company that's been spoofed and report the incident right away. If you're prompt, you can normally change your password or account number in time to stop unauthorized transactions.