Identity theft is the fastest growing crime in the world and it doesn't happen to only private individuals, businesses can have their identity hijacked as well. One of the common tactics used by identity theft fraudsters is phishing.
Phishing occurs when a fraudster sends a fake email purporting to come from a legitimate business (banks, credit card companies, government departments, PayPal, and eBay are popular choices) that includes a request for personal identity details. The explanation will sound very plausible, such as to verify your identity with the organisation. It usually includes a threat to prompt you to take action - "We will have no choice but to suspend your account" or similar. When you follow the link it takes you to a site that looks like the genuine one, but is in fact a copy created by the fraudster. As you put your details in it logs them and allows the fraudster to use them to access your account on the genuine site or use your details for fraudulent transactions elsewhere.
Business owners, or their employees, who fall for one of these scams and supply business related identity data (a business registration number or business credit card details, etc) have supplied the fraudster with valuable information. The phisher has, in effect, stolen their identity. For a business, that can be very bad news. Fraudsters can use this information to open bogus accounts in the name of the business or even, in extreme cases, set up a clone of the company and run up debts in its name. Business identity theft often damages or destroys the victim's credit rating and, in the process, the business itself. Not only does it face problems with creditors and vendors, it could also find itself unable to fill orders and conduct business normally, potentially losing customers along the way. If the business has allowed customer information to be stolen then they must be notified and that admission won't make for good publicity or do anything for customer loyalty.
Some things you can do to prevent phishers landing you:
Don't fall for a phishing email
Even if you think a request for information may be legitimate, don't click the links in the email to visit a website in case it leads to a phishing site. Instead, type the website's address by hand to ensure that you go to the organisation's real site. If you do have an existing relationship with the supposed originator of the email then call the organisation to confirm that the email is legitimate before responding.
Create strong passwords
A strong password includes a combination of numbers, capitalised letters and symbols. It should NEVER include whole or partial pieces of identity data such as driver's licence number, name or birth date. Having created strong passwords, get into the habit of changing them periodically.
Don't use unsecured computers
The computers you find at Internet cafés, libraries, in hotel rooms and the like should automatically be assumed as unsafe for the transfer of identity data. Wi-Fi networks present even more opportunities for identity thieves. The easiest way to protect a Wi-Fi network at home is to not broadcast the Service Set Identifier. Sending identity data over a public Wi-Fi connection is simply a no-no.
Guard your data
To be protected across the board a computer must have good anti-virus software, as well as anti-spyware and firewall protection. Keep them updated — scammers are constantly devising new attack methods and constant vigilance is necessary to stay safe.
Only transfer information over a secure server
Ensure that websites you transfer identity data to are utilising an encryption system. Look for the ‘lock' icon on the status bar at the bottom of your browser window. In addition, check the beginning of the URL or web address — if it starts with ‘https://,' rather than just ‘http://,' you're on a secure server. Data is then encrypted as it is being transmitted so that, even if it is intercepted, it can't be read.
Think you've been hooked - here's what to do
The best way to prevent identity theft is to stay active and aware. Review your bank accounts and credit card statements each month for any suspicious activity and immediately investigate anything that seems odd. If you believe you have been the victim of phishing then alert your local law enforcement officials, bank, and credit card agency immediately so they can investigate the incident. It's important that the compromised accounts are watched or closed to prevent further fraudulent transactions using them.