Have you ever received an email message from your bank, eBay, PayPal, or AOL indicating that your account information needs
verification or modification? Did it ask for credit card information or user account details? If so, then you have just
encountered a "phishing" scheme!
Some emails are obviously flawed, but others appear entirely legitimate, and telling the difference between emails from
legitimate companies and phishing emails can be difficult. Phishing attacks are on the rise and becoming increasingly
sophisticated and complex. On average, victims lose $1200 when their bank account is compromised via a phishing attack.
What is Phishing?
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial
account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to
trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security
numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond.
Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware.
-from the Anti-Phishing Working Group http://www.antiphishing.org/
Here is a checklist of basic recommendations to avoid phishing schemes.
- If you receive an unsolicited or unexpected e-mail, pop-up message or instant message requesting personal or financial information,
  do not reply or click on the link in the message. Legitimate companies will never ask for your personal or financial information
  via e-mail or instant messenger. If you are concerned about your account(s), contact the organization in the e-mail using
  a telephone number you know is genuine, or by opening a new browser session and typing in the company's correct Web address.
  Do not cut and paste the link that came in the e-mail message.
- Look at the "address bar" at the top of the browser - not just the pictures on a web page - it is often a different domain
  name than the firm being represented in the email or webpage.
- Regularly update and patch your Web browser(s). Recent browser vulnerabilities have been used as part of phishing attacks.
- Never e-mail personal or financial information. If you have to enter your information into an organization's Web site, make
  sure the site is secure. Check for a lock symbol in the browser bar or make sure the URL starts with "https." Unfortunately,
  phishers have found ways to duplicate such security indicators and therefore it's best to minimize online transactions as
  much as possible.
- Use antivirus software on your workstation and regularly update it. Some phishing e-mails contain malicious software that
  can harm your computer or track your activities on the Internet without your knowledge. Antivirus software will prevent this
  type of software from being installed on your computer.
If you suspect that you have been “phished”, here are some suggestions.
- Carefully check credit card and bank statements for unauthorized charges each month. Free annual credit reports are available
  to most people, depending on region:
  https://www.annualcreditreport.com/
- Contact the fraud departments of each of the three major credit bureaus and report that sensitive financial information has
  been compromised. Ask that a "fraud alert" be placed on your file and that no new credit be granted without your approval.
- If your financial accounts have been fraudulently accessed or opened, contact each company's security department. Close these
  accounts. Put passwords (not your mother's maiden name) on any new accounts you open.
(The above information was gathered and collected from the Washington State Office of the Attorney General http://www.atg.wa.gov/ and the Anti-Phishing Working Group http://www.antiphishing.org websites.)

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.