Phishing - How To Avoid Being A Victim
So what is Phishing? Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information. The word phishing was used as an analogy to fishing for fish in a lake. You drop the line and hope a fish bites. With your computer, hackers drop the line and hope that you take the bait.
Typically you will get an email claiming to be from a legitimate organization telling you that there is a problem with your account that you need to fix immediately. Here is a typical phishing email:
In this example they want you to respond to the email. In other examples, a web link is included for you to click on that is suppose to take you to the legitimate site to update the information. In both instances, they are fake. If you respond to the email, you are essentially mailing your personal information to a hacker. In the second instance, you are going to the hacker's website and giving it to him that way.
Phishing Prevention:
-
Try to stay off spam lists. Don't post your e-mail address on public sites. Create an e-mail address that is less likely to get included in spam lists. For instance, instead of bobsmith@xyz.com, use bob.smith.az@xyz.com.
-
If an e-mail looks reasonable contact the company directly if you receive an e-mail asking you to verify information. Type the address of the company into the address bar directly rather than click on a link. Or call them, but don't use any phone number provided in the e-mail.
-
Don't give out personal information requested via e-mail. Legitimate companies and agencies will use regular mail for important communications and never ask customers to confirm log-in or passwords by clicking on links in e-mail.
-
Look carefully at the Web address a link directs to and type in addresses in the browser for businesses if you are uncertain.
-
Don't open e-mail attachments that you did not expect to receive. Don't open download links in IM. And don't enter personal information in a pop-up window or e-mail.
-
Make sure you are using a secure Web site when submitting financial and sensitive information.
-
Change passwords frequently. Don't use the same password on multiple sites.
-
Regularly log into online accounts to monitor the activity and check statements.
-
Use antivirus, antispam, and firewall software and keep your operating system and applications up-to-date.