Gone Phishing

Written By: John Geiger

Gone Phishing

Phishing, the practice of luring unsuspecting victims to disclose sensitive information online, usually through harmless appearing e-mails, has quickly become the fastest-growing security threat to Internet users. The following tips can help you keep from taking the bait from online phishing scams.

An unsolicited email could be a phishing scam if it: Doesn’t address you by your full name; asks you to provide personal or financial information, such as your bank or credit card account number, an account password or PIN, your Social Security number or mother’s maiden name; warns that you have been the victim of fraud or that your account will be closed unless you respond quickly; tells you that you have won a prize or vacation and just need to “confirm” certain information; has spelling or grammatical errors you wouldn’t expect a professional business to make.

Ways to avoid phishing scams include: Never transmit sensitive personal or financial information via email; Emails or pop-up messages that ask for personal or financial information should be deleted immediately (legitimate companies won’t ask for this information online); never open attachments from someone you don’t know or if they seem suspicious. Never follow links (click on them) included in emails from someone you don’t know or that seem suspicious. Be careful which websites you view and/or submit your personal information on. When dealing with financial or other sensitive information in particular, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins with “https:” (the “s” stands for “secure”)*. Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. Use anti-virus software and keep it up-to-date, especially if you have a broadband connection. Anti-virus software and a firewall can protect you from inadvertently accepting unwanted files that may be phishing or contain viruses. For more information consult the following government and consumer advocacy websites:

http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm, http://www.antiphishing.org/, http://www.consumerwebwatch.org/dynamic/fraud-investigation-youve-got-fraud.cfm

Tip to remember: If you are unsure about a message you have received or a website you have come across, confirm the legitimacy of these items by telephoning the company from which these items seemingly originate from. Use a phone number published in a telephone directory or on any financial statements they have received in the past rather than a phone number contained in the message or site.

*Unfortunately, no indicator or method of prevention is foolproof; some phishers have forged security icons or created websites that are surprisingly similar to those of legitimate businesses.
About the Author

John Geiger owns and operates the local affiliate of WSI Internet Consulting and Education, a Toronto based global network of consultants, developers and production centers providing turn-key internet business solutions for small and medium-sized enterprises. He can be reached at 828-324-8399 or www.webmasters-wsi.com

Previous post:

Next post: