What is Phishing?
Phishing attacks use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.
How to avoid getting caught?
Be suspicious of any email with urgent requests for personal financial information. You can’t be sure it wasn’t forged or “spoofed.” Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc. Phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are personalized.
Don’t use the links in an email to get to any web page, if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser. To make sure you’re on a secure Web server, check the beginning of the Web address in your browsers address bar – it should be “https://” rather than just “http://”.
Consider installing a Web browser tool bar to help protect you from known phishing fraud websites. EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that’s on Earthlink’s list of known fraudulent phisher Web sites. Its free to all Internet users. Click here to download.
Ensure that your Web browser is up to date and security patches applied. In particular, users of the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page to download a special patch relating to certain phishing schemes.
What if you are confronted with a phishing scam?
Always report “phishing” or “spoofed” e-mails to the following groups:
The Anti-Phishing Working Group (APWG)
The Federal Trade Commission
The “abuse” address at the company that is being spoofed
When forwarding spoofed messages, always include the entire original email with its original header information intact.