PHISHING - What You Need To Know
(from the 2/07 issue of the CompuNerds Nerdsletter)
Phishing, according to Wikipedia, is “attempting to fraudulently acquire sensitive information by masquerading as a trustworthy business in an electronic communication.”
You may receive an email that looks like it came from your bank, or from eBay, or PayPal, or Amazon. They’ll tell you that your account has expired, or they suspect somebody has been trying to access your account fraudulently, or that they’re just verifying your information for security reasons, but if you don’t respond, they’ll have to “freeze” your account. They may even pose as the IRS.
Phishing scams are made up of two parts. The first part is called link manipulation. The scammers try to make the email look like it came from the actual institution they’re impersonating. They will always include a link to a fake website. These links look like they go to the correct place, but there are technical tricks that make a link look like it’s going to one place while it really goes somewhere else.
The second part of the scam is called website forgery: the site you are sent to from the link in the email will look legitimate, but it isn’t. It may ask you to “log in” with your real information, or to provide private financial information.
What can be done? Part of the solution is technical. The people who make Internet Explorer, Safari, and Firefox regularly update them to close some of the technical loopholes exploited by the phishers. That’s why it’s important to make sure you are using the most recent version of your internet browser. A good spam filter for your email program will also go a long way towards eliminating many of the phishing emails before they even reach your inbox.
The best way to protect yourself is to know what to look for, and to be suspicious of any incoming email requesting that you divulge private information. There are some telltale signs to look for. Phishing email usually contains an urgent request for personal financial info. There’s almost always a link in the email. Do not use this link. If you want to contact your bank via the internet, open the browser yourself, and type in a known good internet address. You can also contact the company directly and ask them about the email.
Most phishing emails will not contain personal information. They may be addressed to “Dear Valued Customer,” for instance. In contrast, a real email from these institutions usually will contain personal information - perhaps your screen name, or the last four digits of your account. This isn’t foolproof, though. Just because personal information is present doesn’t make an email legitimate, but the lack of any personal information is a strong indicator that it is not.
What should you do if you think you’ve given information to a phishing scam? First, contact the institution concerned right away and let them know. Next, if possible, close the account and start a new one. Then be sure to monitor your bills and statements very closely for anything unusual.
Phishers are rotten, selfish, cowardly, and evil. The more educated and wary you are, the more difficult it is for these scammers to succeed.