What is “Phishing”
Phishing is the attempt to acquire sensitive information such as usernames, passwords, credit card details or other sensitive personal information by masquerading as a trustworthy entity via e-mail. Electronic communications purporting to be from popular web sites, payment processors, banks, or other organizations and businesses are commonly used to lure unsuspecting victims. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Before the advent of the Internet, many of these scams were carried out by corrupt telemarketers and were known as phone scams or marketing scams. Since the creation of the Internet and electronic communication, these scams continue online. AVOID GETTING HOOKED!
Have you received emails with something similar to the following?
1) “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity…”
~OR~
2) “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information…”
~OR~
3) “Attention: We received an unusual Response code from this email address requesting for deactivation…Warning!!! In failure to verify your email account within 48hrs on receiving this notification, your account will automatically be deactivated…”
These are all examples of a scam called “phishing”, in which Internet fraudsters send spam or instant messages to lure personal information, such as credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information, from unsuspecting victims.
Some scammers send an email that “appears” to be from a legitimate business or a place you have done business with, asking you to call a phone number to update your account or access a “refund”, or to click a link to update or confirm your personal information. Most use a phone system called VoIP, or Voice over IP, which allows them to hide their true phone number and does NOT accurately reflect where the scammers are calling from.
If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. Do NOT respond to emails you receive that appear suspicious. AVOID GETTING HOOKED!
* Do NOT reply to the email or instant messages asking for your personal or financial information.
* Do NOT click on links within the email or instant message.
* DO NOT cut and paste a link from any suspicious message, into your Web browser — phishers can make a link look like it goes to one place, but in actuality they can send you to a different site.
* Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Update your software regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones, that can effectively reverse the damage, and that offers updates. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit. (ZoneAlarm, Ad-Aware anti-spyware, AVG Anti-virus)
* Do NOT email personal or financial information to anyone. Email is VERY INSECURE.
* If you order online using your credit card or personal information, be sure the URL is secure (“https://”). The “s” stands for secure.
* Take the time to review your credit card and bank account statements as soon as you receive them to check for unauthorized charges.
* Be cautious about opening an attachment or downloading files from emails you receive, regardless of who sent them. (Oftentimes, you, or people you know, have been hacked and do not even know it. It is NOT uncommon to have an email APPEAR to be coming from someone you know OR a legitimate company, when in fact it is NOT. Sometimes what is shown in the return address could be a cover-up, unbeknownst to the legitimate person or company that is displayed in the return address. Be Aware!)
* Forward the “phishing emails” to http://www.ftc.gov/opa/2004/07/newspamemail.shtm AND to the company, bank, or organization that was impersonated in the phishing email. There are anti-phishing groups, ISPs, security vendors, financial institutions and law enforcement agencies that use these reports to fight phishing.
* You should harden all of your passwords by using a combination of letters and numbers in your passwords. Using upper and lowercase letters as well as numbers is even better. Hackers run what can be called dictionary attacks with special software, so you should avoid using only letters in your passwords.
(The examples listed above can be defined as phishing for personal/sensitive/credit card information or fraudulent email scams.)