UTPA :: Phishing
 

November 23, 2009

Frequently Asked Questions

Phishing: Don't get Hooked

We've all seen email messages like these come through our inboxes:

  • "Credit Union Information update required"
  • "Your PayPal account is going to expire"
  • "During our regular verification of accounts, we couldn't verify your information. Please click the link to update and verify your information".
  • "Confirm Your School Details"
  • "ACCOUNT VERIFICATION"
  • "Confirm Your Account"

     

    What's contained in the messages? Links going to websites asking for credit card information, Social Security numbers, or passwords. The scammers can sell this information to a third party, commit identity theft, or hack into the user's computer to take it over or extract information. In any case, the victim can probably look forward to many headaches and hassles because of it, on top of the overall annoyance of finding these unwanted messages in their inbox.

    These days, phishing is very commonplace, and people fall victim to it every day. The trick is knowing how to identify a possible phishing attempt and how to protect yourself.

    What is Phishing?

    The term phishing is derived from password harvesting and the use of lures that have been increasing in sophistication to "fish" for users' financial information and passwords. It is usually carried out using email or IM (instant messages in chat programs).

    What are some of the most common Phishing techniques?

    Most methods of phishing use some form of deception designed to make a link in an email look genuine. The link will go to a website for a spoofed organization (spoofed meaning an actual organization that the phisher is trying to impersonate).

    In a lot of cases, misspelled URLs are used by phishers in the message body. That's the easiest kind to spot. Other more sophisticated methods can be used as well, such as using scripts and commands. Those are not as commonplace, however.

    What can I do to avoid getting hooked by a Phishing scam?

    Here is a list of things you can do to help avoid a Phishing scam:

  • If you get an email or pop-up message that asks for personal or financial info, don't reply, and don't click any links in the message - Legitimate banks and other genuine organizations do not ask for personal information via email or pop-up. If you do get concerned about your account information, contact the institution directly and ask them.
  • Use Anti-Virus software and a firewall to help protect your machine - Quite often phishing messages can contain attachments and other objects that can be harmful to your computer. Anti-Virus software can help detect this and clean it out of your system before it causes any problems. A firewall can also block malicious traffic coming into your system, which helps immensely in reducing the chance of your machine being compromised.
  • Don't email personal or financial information (bank account numbers, passwords, credit card numbers) - Email is not a secure medium for transmitting personal information, as it is usually in a format called clear text; that is, unencrypted text easily viewed by anyone monitoring the network. If you want to initiate a transaction through an organization's website, please ensure that the site is secure (a lock icon on the browser's status bar or a URL for a website that begins with https). This may not be entirely foolproof, as some phishers have forged security icons. If you feel unsafe doing a transaction over the Internet for any reason, then contact the organization directly via phone or personal visit.
  • Review credit card and bank account statements as soon as you receive them - If you see any discrepancies, call your credit card company and/or bank to confirm.
  • Do not open any attachments that may come in with any email messages that look suspicious - Not only will opening the attachment allow the phisher to gain access to your information, but it can also infect your machine and spread to others in your email address book.
  • If you suspect that you've fallen victim to a phishing scam, make sure to change your passwords - Make them as strong as possible (alphanumeric, and use special characters if possible). The stronger your password, the harder it is for phishers to crack it.

    If you do receive a suspicious email message, you can forward it to spam@barracudanetworks.com.

    For further information, please visit http://www.antiphishing.org. This site is run by the Anti-Phishing Working Group (APWG), which is an association made up of global corporations and law enforcement that is focused on eliminating the fraud and ID theft that result from phishing email messages. It has a link on the first page to report phishing messages.

    It is very unfortunate that we as consumers must deal with this problem, but vigilance on your part will aid in preventing you from becoming a victim.

    Other references:

    More on phishing scams

    Video: What you should know about phishing identity-theft scams

    Targeted phishing scams


 
1201 W. University Drive Edinburg, TX 78539-2999
956/381-UTPA  1-866-441-UTPA