As if we didn't have our hands full enough with viruses, adware, spyware, trojans and all the other nasties, we also have worry about phishing?!
What is phishing, and why should you care?
The word is pronounced "fishing." When someone phishes, their goal is to lure people into giving them personal or financial information that they can use to their advantage. Their motivation is greed.
A common ploy is to send out an e-mail that is made to look like it's from a legitimate financial institution (such as PayPal, or your bank). The text of the e-mail gives some reason why you should click on the link they provide in the e-mail and log into your account on the Web page it takes you to.
If you do log into your account like they want you to, you're the phish, and you took the bait -- hook, line, and sinker.
The goal of the phisher is to get you to give them your bank account logon name and password. They use legitimate-looking e-mail to send people to legitimate-looking Web sites, where they capture and record your username and password as you type it in. As soon as they have that, they can log into your bank account and conduct transactions, just as if they were you.
How do you avoid falling prey to these tricksters? The very fact that they are asking for your account information marks them as imposters. Banks and other institutions and businesses don't contact their customers to update account information. They wait until the next time their customer goes to them.
Think about it: Have you ever received a phone call or letter from your bank asking you to contact them so they can verify something about your account? If they don't contact you by telephone or regular mail, why would they do so in e-mail?
Our rule of thumb is, if we receive ANY e-mail asking us to go to a Web site and log onto our account, we automatically assume it's a phishing attempt and delete it, 100% of the time. No exceptions. The very request itself is like a big red sign that says "Phishing Attempt!"
Phishers don't always try to pass themselves off as financial institutions. Businesses like eBay and amazon.com are also represented in phishing scams. Mortgage companies are another target. Phishers send e-mails offering low rates on on mortgages or other loans to lure people into going to a false Web site and typing in their Social Security number. Another ploy is to offer low-interest credit cards, credit reports, or credit repair -- anything that will get you to enter your Social Security number or other personal or financial information.
Most Internet threats are handled with software, like anti-spyware or anti-virus software. Phishing is different: Your best protection lies between your ears. Train yourself to be habitually aware of phishing possibilities. Don't automatically click the link in an e-mail and do what they tell you to do. Raise your suspicion level. Don't be paranoid, but do be careful.
If you receive an e-mail that wants information from you, and you really think it's legitimate, be smart. Call the business or institution on the phone to check. If it is a fake request, they will be very glad that you reported it to them. Phishing hurts them as well.
If it turns out the e-mail really is from them, then it's an opportunity for you, the consumer, to tell them that their practice of requesting information through e-mail is making them susceptible to phishing attempts. It is important to communicate with the companies you have accounts with. Consumers and businesses can work together to create a safer Internet.
You can see some examples of phishing attempts at our web site.
Sylvia Breau is a long-time computer consultant to small businesses. She is committed to helping computer owners break through the "technology gap" that occurs when regular people can't understand what computer geeks are saying. In the case of Internet security, this technology gap is beyond being simply frustrating or costly. It becomes downright dangerous. The author wishes to convey to all computer users the importance of devoting just a bit of time and energy to knowing what they need to do and have to stay safe online. Please see our Six Steps to Internet Security, a practical, easy-to-use guide to online safety. For a "snapshot" of your computer security, please use our Computer Security Score Card. |
No comments:
Post a Comment