For those of us who are not familiar with the term “phishing,” it means that someone is trying to obtain financial or other personal information from internet users, usually by sending out an email that impersonates a legitimate organization, typically a bank; the link in the email leads to a fake web site that impersonates the real one. Some of the more popular businesses being impersonated are Chase, PayPal (a big one), eBay, and Amazon, just to name a few.
Phishing emails are a worsening problem, and they are affecting more people every day. Our inboxes fill up every day with these ridiculous emails stating that we need to confirm our personal information in order for our accounts or service to stay active and not be suspended.
When you receive one of these phishing emails, do not click on the link provided within. Always open another tab or window, type in the business’ website address yourself, and log in from there. Usually there will be an alert message letting you know you have a message in your inbox. If there is no message pertaining to the email you received in your regular email account, disregard it immediately.
Here’s an example: You may receive a PayPal email asking you to update your account, with a link saying ‘click here to verify your account’. This email is sent from someone who looks like they work for PayPal, but in reality they have just formatted the email to look like your PayPal messages.
Phishing emails are generated
According to Microsoft Safety & Security Center, new phishing scams are generated whenever a newsworthy event takes place: a natural disaster, a national election, or a significant change in the world financial system. They are sent in the form of e-cards, fake job opportunities, donation scams, and through social networks. A big one last year targeted universities: emails supposedly from the administration were sent to the whole student body requesting that they confirm their passwords.
According to the blog of Dave Teare, co-founder of Agile Web Solutions, phishing attacks can be prevented in many ways, but the most common and effective methods are as follows:
1. Filter your messages
When you filter your email for spam, many phishing messages are prevented from reaching your inbox. Currently Google provides one of the best spam filters available in Gmail. For example:
2. Detect the scam
The most obvious clue to detect a scam is when you receive an email from a company you do not conduct business with. Be suspicious of any emails starting with a generic opening like “Dear Sir/Madam”. For example:
3. Use available tools
Use an automatic form filler. This will save you loads of time, and it is the most effective tool in avoiding phishing attacks. The tool works by making the auto-fill program responsible for logging you into your websites. Remember, the auto-fill program is smart enough to fill out forms only on sites whose domain matches the domain you originally saved the login on.
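The domain check described in item 3, written out as an added example (it is not code from the original article or from any particular password manager). The vault entry `SAVED` and the helper `shouldAutofill` are hypothetical, and exact host-plus-scheme matching is an assumption that is stricter than some products use.

```javascript
// Added example (not from the original article): the domain check an auto-fill
// tool performs before typing a saved password into a login form.
// SAVED is a constructed vault entry; shouldAutofill is a hypothetical helper.
const SAVED = { site: "PayPal", scheme: "https:", host: "www.paypal.com" };

// Decide whether the page at `address` may receive the saved credentials.
function shouldAutofill(saved, address) {
  let url;
  try {
    url = new URL(address); // lower-cases scheme and host while parsing
  } catch (err) {
    return { fill: false, reason: "not a valid URL" };
  }
  // Compare the whole host name. The path ("/paypal/login") and any brand
  // name appearing as a sub-label of another domain play no part.
  if (url.hostname !== saved.host) {
    return { fill: false, reason: "host differs: " + url.hostname };
  }
  // Same host over plain http is still refused: the login was saved on https.
  if (url.protocol !== saved.scheme) {
    return { fill: false, reason: "scheme differs: " + url.protocol };
  }
  return { fill: true, reason: "exact match" };
}

const CASES = [
  "https://www.paypal.com/signin",                        // the real site
  "HTTPS://WWW.PAYPAL.COM/signin",                        // same site, odd casing
  "http://www.gotyouscammed.com/paypal/login/htm?",       // address quoted in this article
  "https://www.paypal.com.account-check.example/signin",  // constructed look-alike
  "http://www.paypal.com/signin",                         // constructed: right host, no TLS
];

for (const address of CASES) {
  const { fill, reason } = shouldAutofill(SAVED, address);
  console.log((fill ? "FILL  " : "BLOCK ") + address + "  (" + reason + ")");
}
```

A page that looks identical to the real login form still gets nothing filled in, because the decision never looks at what the page displays.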
How to avoid Phishing scams
The Anti-Phishing Working Group has compiled the list of recommendations below that you can use to avoid becoming a victim of these scams.
1. Always be suspicious of any email with urgent requests for personal financial information
– Unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
– Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
– They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
– Phisher emails are typically NOT personalized, although they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure.
2. Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
– Instead, call the company on the telephone, or log onto the website directly by typing in the web address in your browser
3. Avoid filling out forms in email messages that ask for personal financial information
– You should only communicate information such as credit card numbers or account information via a secure website or the telephone
4. Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
– Phishers are now able to ‘spoof’, or forge, both the “https://” that you would normally see when you’re on a secure Web server and a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on the displayed links.
5. Always check where the URL ID is coming from. Remember not all scam sites will try to show the “https://” and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like “http://www.gotyouscammed.com/paypal/login/htm?” Be aware of where you are going.
6. Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher web sites and will alert you.
– The newer version of Internet Explorer, version 7, includes this tool bar, as does Firefox version 2.
– EarthLink Scam blocker is part of a browser toolbar that is free to all internet users – download at http://www.earthlink.net/earthlinktoolbar
7. Regularly log into your online accounts
– Don’t leave it for as long as a month before you check each account.
8. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
– If anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers.
9. Ensure that your browser is up to date and security patches are applied.
10. Always report “phishing” or “spoofed” emails to the following groups:
– File a complaint at Scambook
– Forward the email to [email protected]
– Forward the email to the Federal Trade Commission at [email protected]
– Forward the email to the “abuse” email address at the company that is being spoofed (e.g. “[email protected]”)
– When forwarding spoofed messages, always include the entire original email with its original header information intact
– Notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/
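The recommendations above about not depending on displayed links can be checked mechanically. The following added example (not part of the original article) compares the address a link shows with the address it actually opens; `EMAIL_HTML` is a constructed message, the function names are hypothetical, and the regex-based parsing is a simplification of what a real mail filter would do with an HTML parser.

```javascript
// Added example: flag links whose visible text names one host while the
// href goes to another. EMAIL_HTML is a constructed sample message.
const EMAIL_HTML = `
<p>Dear Sir/Madam, your account will be suspended.</p>
<p><a href="http://www.gotyouscammed.com/paypal/login/htm?">https://www.paypal.com/verify</a></p>
<p><a href="https://www.paypal.com/help">https://www.paypal.com/help</a></p>
<p><a href="http://www.gotyouscammed.com/paypal/login/htm?">click here to verify your account</a></p>`;

// Return the host name at the start of `text`, or null if it shows no address.
function hostOf(text) {
  const m = text.trim().match(/^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})(?:[\/:?#\s]|$)/i);
  return m ? m[1].toLowerCase() : null;
}

// Collect { href, text } for every <a href="..."> element in the message.
function findLinks(html) {
  const re = /<a\b[^>]*\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;
  const links = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    // Strip nested tags such as <b> so only the visible text remains.
    links.push({ href: m[2], text: m[3].replace(/<[^>]*>/g, "").trim() });
  }
  return links;
}

// Compare the host the reader sees with the host the link really opens.
function auditLinks(html) {
  return findLinks(html).map(({ href, text }) => {
    const target = hostOf(href);
    const shown = hostOf(text);
    let verdict = "match";
    if (shown === null) verdict = "no-address-shown"; // reader must inspect the href
    else if (shown !== target) verdict = "mismatch";  // displayed link is forged
    return { text, shown, target, verdict };
  });
}

for (const link of auditLinks(EMAIL_HTML)) {
  console.log(link.verdict.padEnd(17) + '"' + link.text + '" -> ' + link.target);
}
```

The “click here” style of link shows no address at all, so the only thing to check is the real target, which is why typing the address yourself is the safer habit.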
Remember, no reputable business would send you an email requesting your personal information. Any emails you may receive asking for this type of information should be considered phony and brought to the attention of the business being phished.