What is Phishing?

 

One way to hook a fish is to use a lure so realistic that the fish thinks it’s food. Phishing on the Web works the same way. Thieves send an e-mail or instant message that masquerades as a message from a reputable company such as Citibank, eBay, or MSN. You’re asked to divulge such sensitive personal information as your bank account or credit card number, password, or personal identification number (PIN).

 

How Phishing Works

The message capitalizes on your trust of a respected brand by enticing you to click a link that takes you to an equally convincing (and equally fake) Web page or pop-up window, which has been set up to imitate the legitimate business.

You’re asked to divulge such sensitive personal information as your Social Security number, a bank account or credit card number, a validation code, password, or personal identification number (PIN).

This fraud is disarming its ingenuity. Here are a few more potential examples:

Mail from a “bank” requesting verification of a charge for a hotel, a spoof so meticulous that it included bank logos and promises to safeguard privacy. The reader had only to click “STOP THIS PAYMENT” to visit an equally convincing page where they were asked to reveal account information needed to “deny payment.”

An email from “eBay” informing readers that their eBay account is suspended or deactivated if they didn’t confirm their account details at once.

An SMS from a "mobile company" requesting users to verify their age. As most age validation is done with a credit card, all credit card holders should be aware of any service asking for their details. If uncertain, users should call customer services.

 
In 2003 fake sites tricked almost 2 million people into revealing confidential information, putting at risk their financial status and credit rating.

 

Five Ways to Help Protect Yourself from Phishing

Though there’s no substitute for vigilance when giving out sensitive personal information. Following these 5 simple guidelines will reduce your chances of getting hooked by a scam.

A) Never give sensitive personal information in an e-mail, instant message, or pop-up window

Most legitimate and established businesses will not use these methods to ask for passwords, account or credit card numbers, or other confidential information. It’s easy for phishers to trick people—for example, by forging the “From” address of an e-mail message.

B) Be wary of clicking a link in a message or pop-up window

If you get an e-mail, instant message, or pop-up window that asks for personal information, do not click the link. Doing so could take you to a phoney site where any information you give may be sent to the scam artist who built it.

If you’re unsure whether a message is genuine, call the company using the number from a past statement or the phone book. To visit the Web site, type the address yourself or use your own bookmark.


C) Make sure the Web site protects your personal information and is legitimate before you enter anything

Phishers have ways of faking the address that is displayed. If you have even the slightest doubt about the site’s legitimacy, play it safe and leave.

Check for signs of data encryption, a security measure that helps protect sensitive data as it traverses the Internet. As shown below, look for https (“s” for secure) in the Web address and for a tiny closed padlock or an unbroken key.
Check to make sure you are where you think you are. Unfortunately on some systems, the padlock (and key) can be faked, so double-click it to display the security certificate for the site (as shown below). Look for a match between the name on the certificate and in the address bar. If the name differs, you may be on a faked site.

D) Routinely review your financial statements

Check all credit card and bank statements monthly and regularly log in to any online accounts to make sure nothing is amiss.

E) Improve your computer's security

Phishers reply on you not applying the latest security fixes and may try to exploit vulnerabilities that haven’t been corrected.

Microsoft helps you use a firewall, install antivirus software and update it routinely, and keep your Windows and Office software up to date.
 

"BEWARE"
 

---