

Protect Yourself from Phishing
The term phishing may be new to you, but it's one that anyone using the Internet is well advised to become acquainted with. Phishing is a new, high-tech variation of an old scam that tricks people into providing a malicious person with such information as their Social Security number, credit card numbers, passwords, or bank account information. The malicious person can then use that information to make purchases, apply for a credit card, or to steal the other person’s identity.
Here's how phishers operate: phishers send a phishing lure – a spam e-mail or a pop-up – that purports to be from a legitimate business or organization, such as an Internet Service Provider, bank, insurance agency, online retailer, or a government agency. The message imitates the legitimate business, often copying the company logo and employing authentic-looking web addresses in its links. Once someone clicks on the message’s link to the phisher’s phony web site, the phisher tries to get the unsuspecting person to divulge personal information, often under the guise of verifying data.
For example, a phisher sent an e-mail to consumers stating that there had been a problem with the billing of their AOL account and provided them with a link to a web site that asked them for a new credit card number and other personal information. The phisher used that information to charge online purchases and open PayPal accounts, and recruited others to participate in his scheme by accepting fraudulently acquired merchandise that he had ordered for himself.
In another case, many eBay customers received an e-mail message informing them that their eBay account had been compromised. The message contained a link to a legitimate-looking web site where they were asked to resubmit their credit card information, ATM PIN numbers, Social Security number, date of birth, and mother’s maiden name. The trouble was, the e-mail message wasn’t sent by eBay, and the web site didn’t belong to eBay.
The October 2004 issue of CSO magazine has some additional tips for a "spoof-proof life" in an article written by Alice Dragoon.
- Be suspicious of e-mails that don’t greet you by name. A message that says "Dear eBay Customer" is probably not from eBay.
- Ask yourself, "Why is the company e-mailing me about this?" If you have any doubts, call the company.
- Don’t click on attachments, which could contain viruses or spyware. Spyware records where you go online and captures any passwords or credit card numbers you type.
- Look for "https:" in the URLs displayed in your browser’s address bar. The "s" stands for "secure." If you don’t see it, you’re not in a secure Web session and should not enter any personal or financial data.
- If you see an "@" symbol in the middle of a URL, there’s a good chance it’s a phishing site, as legitimate companies use the domain name in their Web address (www.companyname.com) and don’t have an "@" symbol in their URL.
- Maintain up-to-date firewalls and security patches.
- If your information is compromised, get a fraud alert placed on your credit report.
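The two URL tips above ("https:" and the "@" symbol) can be checked automatically. The following is an added example, not part of the original article: it parses each link in a message, reports the host the browser would really contact, and flags missing https and an "@" placed before the host. It narrows the "@" tip to the host portion of the URL so that an "@" appearing later in the path is not flagged. The function names, the sample message, and the 192.0.2.10 address (a documentation-only range) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Simple link extractor for plain-text message bodies (illustrative, not exhaustive).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def check_link(url):
    """Return (real_host, flags) for one link.

    real_host is the host the browser connects to. Text placed before an
    "@" in the host portion is treated as a login name and ignored when
    choosing the destination, which is why a familiar company name can
    appear there without the link going to that company.
    """
    parts = urlsplit(url)
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("no-https")
    if "@" in parts.netloc:  # "@" in the host portion, not in the path
        flags.append("at-sign-before-host")
    return parts.hostname or "", flags


def scan_message(text):
    """Map every link found in a message body to its check_link() result."""
    return {url: check_link(url) for url in URL_RE.findall(text)}


# Constructed sample message; www.companyname.com is the placeholder
# domain used in the tip above.
SAMPLE = """Dear Customer, please verify your account:
http://www.companyname.com@192.0.2.10/verify
https://www.companyname.com/account
https://www.companyname.com/users/@alice
"""

if __name__ == "__main__":
    for url, (host, flags) in scan_message(SAMPLE).items():
        status = ", ".join(flags) if flags else "no flags"
        print(f"{url}\n    real host: {host}  [{status}]")
```

A link with no flags is not proven safe; the check only automates the two URL tips in the list.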
More information about phishing
The Federal Trade Commission Identity Theft Information - http://www.consumer.gov/idtheft
FTC Consumer Report - http://onguardonline.gov/phishing.html
The Anti-Phishing Working Group - http://www.antiphishing.org
Microsoft’s recommendations - http://www.microsoft.com/athome/security/email/phishing.mspx

