Wednesday, August 4, 2010

What is "phishing" and how to avoid it

Phishing is an increasingly common type of spam that can lead to theft of your personal details such as credit card numbers or online banking passwords.

In a phishing attack, the scam artist sends "spoofed" emails that appear to come from a legitimate website you have online dealings with, such as a bank, credit card company or ISP - any site that requires users to have a personal identity or account. The email may ask you to reply with your account details in order to "update security" or for some other reason.

The phishing email may also direct you to a spoofed website or pop-up window which looks exactly like the real site, but has been set up for the sole purpose of stealing personal information. Unsuspecting people are then often fooled into handing over credit card numbers, passwords or other details.

  • Never respond to emails that request personal financial information - Banks or e-commerce companies generally personalize emails, while phishers do not. Phishers often include false but sensational messages ("urgent - your account details may have been stolen") in order to get an immediate reaction. Reputable companies don't ask their customers for passwords or account details in an email. Even if you think the email may be legitimate, don't respond - contact the company by phone or by visiting their website.
  • Visit bank or other financial, retail or medical websites by typing the URL (web address) into the address bar yourself. Phishers often use links within emails to direct their victims to a spoofed site, usually to a similar address such as mybankonline.com instead of mybank.com. When clicked on, the URL shown in the address bar may look genuine, but there are several ways it can be faked, taking you to the spoofed site. If you suspect an email from your bank or online company is false, do not follow any links embedded within it.
  • Keep a regular check on your accounts - Regularly log into your accounts and check your statements. If you see any suspicious transactions, report them to your bank or credit card provider.

Be sure the website you are visiting is secure - Before you submit any personal or financial information, always check that the site uses encryption to protect your personal data:

  1. Check the web address in the address bar. If the website you’re visiting is on a secure server, it should start with "https://" ("s" for security) rather than the usual "http://".
  2. Look for a lock icon on the browser's status bar. Check the level of encryption, expressed in bits, by hovering over the icon with your cursor. Note that the fact that the website is using encryption doesn't necessarily mean that the website is legitimate; it only tells you data is being sent in encrypted form.
