What is Cyber-Phishing?
"Phishing" can be defined as the relatively new phenomenon of sending mass numbers of e-mail messages to Internet users in an effort to fraudulently obtain personal information. The most common form of phishing involves emails pretending to be from a legitimate retailer, bank, organization or government agency. Frequent examples include paypal, ebay, financial institutions, banks - entities known to have a significant online customer base. The sender may ask you to "confirm" your personal information for some made-up reason; your account has been closed, an order for something has been placed in your name, your information has been lost due to a computer error, etc. A phishing email will contain a concocted story designed to lure you into taking an action such as clicking a link or button in the email or perhaps calling a phone number and providing or confirming personal information.
How to Spot a Phishing Email
There are many telltale signs, but here are some of the most common:
- Generic email greeting. A typical phishing email may address you in a generic fashion, such as "Dear User:"
- Sender's Email Address. The address that the email is "From" may include an official looking one (possibly copied from the genuine business or entity). Be aware that email addresses can be easily altered and are not necessarily indicative of the validity of the sender.
- It Requests a Quick Response. Most phishing emails are written with a false sense of urgency attempting to convince you that your account will be "in jeopardy" if you don't perform a particular action immediately.
- A False Link or Website. Many of these phishing emails contain a link that looks valid to connect you to the "Subject" site, but directs you to a fraudulent site that may or may not have a URL different from the link provided. Even though the email looks like the "real deal", complete with authentic logos and working web links, it may well be just a clever disguise. See below for help in identifying a false website link.
- Attachments. Only open attachments if you are expecting them and know what they contain. Even if the message looks like it came from someone you know, they could be from phishers and contain programs that may steal your personal information.
How Can I Avoid being a Victim of Phishing?
Remember, when it comes to phishing, you are in control. To protect your financial and identity information, simply ignore all email requests for information. Other tips include:
- Keep your security software current. Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall and keep them up to date. A spam filter can reduce the number of phishing emails you get. To learn more about internet security measures, go to www.onguardonline.gov or www.staysafeonline.org.
- Password Smarts. Be smart about choosing your passwords; change them often, and choose uncommon passwords that include numbers, letters and symbols.
- Go to Actual Websites; don't use links. If you think the email message is legitimate, do not click on the link provided in the email to get to the website. Instead, go to the actual Web site by entering the URL for the home page, and look for the supposed legitimate Web page within the site to confirm.
- Report Phishing Emails. Many of the companies that phishers commonly use to attempt to obtain your information will investigate emails forwarded to them from targeted victims. Ebay and Paypal are good examples, and this wil benefit all intended victims and helps stop identity theft. You can also report the problem to law enforcement agencies through the National Fraud Information Center/Internet Fraud Watch, www.fraud.org or 1-800-876-7060.
- Security Freeze placed on Account. Look into having a security freeze placed on your credit files to help prevent credit information from being disclosed to open a new account without your explicit consent.
- Never enter personal information in a pop-up screen. Legitimate companies, agencies and organizations don't ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.
- Phishing also happens by Phone. Be suspicious if you get a call from someone pretending to be from a company or government agency, and asking for personal information. Particularly if you are contacted out of the blue; it's a sign something is "phishy".
- Ask yourself if it makes sense. If this company already has your personal information, they would not request what they already have on file.
Tips on Identifying a False Website Link
Hold your mouse over the link in your email, but DO NOT CLICK ON IT. As per the illustration below, you will see where the link goes in the left bottom corner of the browser or your email software window.
For example, if the email is regarding a paypal matter (though Paypal RARELY sends out email with a link back to their website), a SAFE link to paypal would be:
something.paypal.com
Why is this safe? Because the "paypal" part of the link is located immediately next to the ".com" part of the link and "paypal.com" are the last letters in the link.
An unsafe link is something like:
something.paypal.com.add-me.net
Why is this UNsafe? Even though the "paypal" part of the link is located immediately next to the ".com" part of the link, the the "paypal.com" are NOT the last letters in the link. This means that the link is going to the website of "Addme.net", where most likely malicious code resides, or there is a form which mimicks a form on Paypal requesting your information.
Do you have a question you feel we haven't answered?
For a small fee, you can talk to a counselor on the phone or Buy the Book!
|
