Bank of Costa Rica Target Of Phishing Scam

About 150 account holders of the Bank of Costa Rica (BCR) fell for an Internet phishing scam and gave their personal information in response to a fraudulent e-mail that originated from China, officials said Friday.

The bank posted a warning on its Web site on Friday after detecting the scam late Thursday, officials said.

The bank told its customers not to respond to e-mails asking them to send their personal bank information and clients should always go to the official Web site.

Security expert Christian Vargas told the Spanish daily newspaper, La Nación, that the e-mail, which had lifted code from the bank's Web site, originated from China.

Bank manager Mario Rivera said that they have not received any complaints from people who responded to the e-mail, but he said his institution was looking into any possible damage it may have caused and will compensate those affected.

Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

The e-mail directs the user to visit a website, almost identical to the legitimate website that is being targeted, where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

The Web site, however, is bogus and set up only to steal the user's information.

eBay, PayPal and some of the large U.S. banks are constant targets for phishing, as Internet users are constantly being bombarded with bogus emails asking customers to update their information or risk having their account blocked.

The "phisher" counts on the e-mail being read by a percentage of people who actually had listed credit card numbers with the targeted institution.

Phishing is also referred to as brand spoofing or carding, the idea being that bait is thrown out in the hope that, while most will ignore the bait, some will be tempted into biting.

The damage caused by phishing ranges from loss of access to email to substantial financial loss. This style of identity theft is becoming more popular because of the ease with which unsuspecting people often divulge personal information to phishers.

The BCR case is the first time phishing has been used in Costa Rica.

There are several different techniques to combat phishing, such as augmenting password logins and alerting users to fraudulent websites. However, the best defense is to be on the lookout for emails that ask for personal and confidential information.

You can easily detect an email that is phishing for your information by clicking on the link contained in the email and paying attention to the URL address on your browser. If the URL is not directed to your financial institution's website.

The Banco de Costa Rica website is located at www.bancobcr.com, for example, and any redirection to a website other than www.bancobcr.com leads to a fraudulent site, and you are being targeted as a potential victim.

How to tell if an e-mail message is fraudulent

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

"Verify your account."

Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.

If you receive an e-mail from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam. To learn more, read "Fraudulent e-mail that requests credit card information sent to Microsoft customers."

"If you don't respond within 48 hours, your account will be closed."

These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

"Dear Valued Customer."

Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

"Click the link below to gain access to your account."

HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.

The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

The phony website that redirected BCR customers is almost identical to the real Banco de Costa Rica website. A check of the URL address line reveals that the user is not on the www.bancobcr.com website and is sure to become a victim if personal information is entered.

A fraudulent email can look and feel like it came from the real bank, using the financial institution's logo and theme, but the user is actually redirected to a website where personal information is harvested.