Phishing a technique used by criminals and scam-artists to trick users into giving up their personal and sensitive information such as bank account information, username and passwords, financial data, and social security numbers. Phishers, the name given to those criminals, will use spam emails and harmful websites disguised as legitimate businesses (such as a bank website).
Phishers try to trick users into giving up their personal information by masquerading as a legitimate financial institution – for example, you might receive an email that appears to have come from a trusted sources such as your bank, but in reality it is a scam email trying to coax your username and password out of you. These fake emails are very convincing – often marked with authentic-looking bank name and logos. If a user clicks on any of the links in the email, they will be redirected to a spoof-website that is just another way a criminal phisher will try to trick a user into letting their guard down and giving up their personal data. Often, the phisher will also mask the fake-website URL so that even the web address may look real.
Phishing can result in stolen identities or even a bank account being compromised and all the funds stolen. But, there are things you can do to prevent phishing attacks.
Beware – Scam Website!
Example of a Phishing Site Posing as the Official HSBC Website
Today, phishers will engage in a tactic that tricks a user by creating a false sense of security — address bar spoofing is where the actual website URL of the phishing website is hidden and the user is made to believe they are actually visiting their bank’s authentic website. The only way to confirm the authenticity of the website is by right-clicking anywhere on the phishing page and then clicking Properties to reveal the web pages properties and real URL.
1. Don’t click on email attachments: Most viruses and worms arrive via email attachments. Many of them are spring-loaded to execute as soon as you click on them. Common dangerous file extensions include – .bat, .com, .exe, .pif, .scr, and .vbs. Your best bet is to avoid email attachments unless you know exactly what the file is.
2. Be suspicious of email return addresses: Since phishing attacks attempt to trick you into believing that the email is coming from a trusted source, be very suspicious of an email’s return address. Don’t just assume that because the email return address in the message header says a certain company that it is in fact from that company. The fact of the matter is that most financial institutions do NOT email their clients to ask for account number confirmation or social security numbers or any other personal information.
3. Be suspicious of the email message: Fake phishing emails will attempt to get you to type in your account information, financial information, or personal data into an online form so that the phisher can capture your information and then use it against you. The message may even contain links to a counterfeit version of the company’s Web site, complete with genuine-looking graphics and corporate logos. View all emails in plain text (without any html coding and without any images). If you still have questions about the email or one of your financial accounts, simply call the institution directly and speak with customer service.
Ensure you scan all incoming email attachments for viruses. Only open attachments you need or are familiar with (from friends or family). And make sure you turn off the feature in your email client that allows for the automatic downloading of pictures. Also, turn of the auto-preview function.
4. Be suspicious of the link: Phishing emails will include a link that appears to lead you to a financial website or other website you may do business with. Although the link looks genuine, it is easy to disguise a link and have it deliver you to a counterfeit website that is masquerading as your bank’s website. Be suspicious of any email asking you to re-confirm your personal or sensitive information online – even if the website looks genuine.
Banks and Internet Service Providers simply don’t lose your personal information and then send e-mail requests for you to re-enter your information online. Something else that should raise your eyebrow is that the link text and the real underlying URL don’t match. Always examine log-in Web pages and their URLs closely. Do not access the company website by clicking on links in your emails, instead type the web address directly into your browser or use a bookmark from within your internet browser. Ensure the bank or financial website you are logging onto is secure (look for the “s” at the end of https:// in the website address ). Also, look for the secure connection icon (a small lock) in the upper left of your browser.
5. Don’t download or install anything: Some phishing attacks create a pop-up warning that prompts you to download a “browser plug-in.” Do not download this! Doing so can result in a flurry of pop-ups, undesirable toolbars, a home-page hijacking, or worse. If you are suspicious of an email or a call to download a plugin or install a program, visit online verification websites such as www.snopes.com to expose potential email hoaxes.
6. Internet Explorer anti-phishing tools: IE 7.0 (or greater) includes anti-phishing tools. This tool is an online filter (must be activated by the user) that verifies commonly phished websites including Paypal, Ebay, etc. Internet Explorer will verify each of these websites and check them against possible phishing sites. You must have IE 7’s automatic anti-phishing filter and automatic certificate revocation enabled, for this feature to work. To determine if a website is a reported phishing website or not, the Phishing Filter will check the address of the website you are trying to visit on a Microsoft server to see if it’s a reported phishing site.
What is Phishing?
The term ‘phishing’ was coined in 1996. Phishing is used to obtain credit card information or sometimes just user names and passwords to sites link Facebook and Twitter. The phisher hopes to bait and lure a victim in by asking them to log in to a fraudulent website that looks exactly like a trusted website. There are ways to spot a phishing site or email that all internet users should be aware of. The United States claims that internet users in the country lose a total of $2 billion each year as a result of phishing scams.
One way to avoid being the victim of a phishing scam is to check the URL of all websites asking the user to log in, especially if the user clicked on a link to the site from an email. It’s also a good idea to look at the sender of the email. If it is from a free email provider like AOL or Yahoo but claiming to be from an official website such as a bank, it is a scam.
Article: Think Before You Click to Avoid Viruses and Scams – Read PC World article
If you have a wireless internet connection in your home, you should check out our section on how to secure your wireless network for detailed instructions and advice on data encryption and wireless router security.