Security Tips: Phishing 101
Phishing is a form of theft where the intent is to steal your valuable personal data, such as Social Security numbers, credit card numbers, passwords, account data, or other information.
How Does It Work?
A phisher will send you an email, an instant message or sometimes call you on the phone. The message may appear to come from a friend, a business (your bank), a government agency (the IRS), or some other entity. Common phishing scams typically claim to come from credit card companies, banks, and major online retailers such as eBay, PayPal, and Amazon, as well as social networking sites like MySpace. Some phishing attempts are easy to identify because they claim to come from businesses or companies that you have never dealt with; others may be more difficult to identify, since they appear to originate from entities with which you do business.
A phishing message may indicate that the entity had problems with their computers or data and that they simply need to verify your account information so you won't be inconvenienced next time you try to use their services. The email message might suggest that a suspicious purchase was made using your credit card, and that if you did not make this purchase, you need to contact them by using the link included in the email. Another example is a message claiming that you have just won the lottery, that you should go to the secure web link provided, enter your bank account information and they will deposit your winnings into your account. Another variation might be an email claiming to be from the IRS and stating that, due to an accounting error, you are owed a refund. They ask that you go to a website and enter your banking information so that they can process the refund.
The current scam appears to come from a bank and uses the subject line "BE aware Fraudulent emails!" It states that your account has been suspended and gives a phone number to call to reactivate your account.
Regardless of which story the phishers use, if you fall prey to a phishing email, the end result may be unauthorized purchases using your credit card or an empty bank or other financial account.
Ask the Following Questions to Determine If You Received a Phishing Email
- Does the email ask you to verify your information or confirm your user-ID and password?
- Does the email reference any consequences should you not verify your information?
- Most importantly, remember that legitimate businesses should never ask for personal or financial information via email.
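For mail administrators, the two checklist questions above can be applied to a raw message automatically, along with a listing of the links and attachments the reader should not open. The Python below is an added example, not part of the original tips; the keyword patterns, the sample messages, the bank.example domain and the 555-0100 number are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed keyword patterns for the two checklist questions; constructed, not exhaustive.
VERIFY_RE = re.compile(
    r"\b(verify|confirm|validate|update)\b[^.!?]{0,80}"
    r"\b(information|account|password|user[- ]?id|card)\b", re.I)
CONSEQUENCE_RE = re.compile(r"\b(suspend|lock|clos|deactivat|terminat)(e|ed)?\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw: str) -> dict:
    """Check one raw email message against the checklist; list links and attachments."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body is not None else ''}"
    return {
        "asks_to_verify": bool(VERIFY_RE.search(text)),
        "threatens_consequences": bool(CONSEQUENCE_RE.search(text)),
        "links": URL_RE.findall(text),  # links the reader should not click
        "attachments": [a.get_filename() for a in msg.iter_attachments()],
    }

def is_suspicious(result: dict) -> bool:
    # A "yes" to either checklist question is enough to treat the message as phishing.
    return result["asks_to_verify"] or result["threatens_consequences"]

def build_sample(subject, text, attachment=None):
    """Build a constructed test message; the address and domain are placeholders."""
    m = EmailMessage()
    m["From"] = "Customer Service <service@bank.example>"
    m["Subject"] = subject
    m.set_content(text)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

PHISH = build_sample("Account notice",
    "We had a problem with our computers.\nPlease verify your account information at\n"
    "http://bank.example/verify\nor your account will be suspended.\n", "form.pdf")
CALLBACK = build_sample("BE aware Fraudulent emails!",
    "Your account has been suspended.\nCall 555-0100 to reactivate your account.\n")
BENIGN = build_sample("Lunch on Friday", "Are we still meeting at noon?\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("CALLBACK", CALLBACK), ("BENIGN", BENIGN)):
        print(name, is_suspicious(triage(raw)), triage(raw))
```

The CALLBACK sample, modeled on the bank scam described earlier, contains no link and no request for a password, yet the second question still catches it. Keyword matching of this kind only flags candidates for review; a message that hits neither question can still be phishing.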
How Can You Avoid Becoming a Victim?
- If it appears to be a phishing email, simply delete it.
- Do not click on any links listed within the email message, and do not open any attachments contained within the email. Many phishing messages and sites not only attempt to get your personal information, they may also attempt to install malicious code on your computer.
- Do not enter personal information in a pop-up screen. Legitimate companies, agencies, and organizations don't ask for personal information via pop-up screens.
- If you get an email or phone call from someone posing as a company that you do business with, take the name and phone number of the person calling. Tell them that you cannot talk now. Look up the contact information of the business and contact them independently to verify the legitimacy of the phone call. If the call was not legitimate, call email@example.com and relay the information.
Should I Do Anything Else?
Review your credit card and bank statements, along with bills from any other companies with which you do business, looking for unauthorized charges or withdrawals. Choose strong passwords for your accounts, do not use the same password for every account and, most importantly, never save them in your browser. Remember that if you conduct business on the Internet, always make sure that the site you use to enter payment information is secure.
You can usually tell when a page is secure in two ways:
- There will be a lock icon in the browser window pane (usually at the bottom).
- The URL will begin with "https://".