Phishing - Are You Protected?
Phishing or phish emails are attempts to trick you into giving sensitive personal information to bad guys who are impersonating someone you trust. A phishing attempt may direct you to respond to it via email, or to a Web site that demands information, or to a phone number that talks you out of your identity. Here's what you need to know about phishing protection...
Phishing is an identity thief's way of "trolling for fish" who will bite on his barbed bait. The bait can be subtle. Often, a phish looks like something official from your bank, Facebook, eBay, or some other trusted source. But if you take the bait, you could unwittingly turn over your online banking password to Russian hackers. Or worse. Here's what to look for, and how to protect yourself from phishing attempts.
The bad guys have gotten very good at making these scams look real and convincing. Phishers even steal the graphic logos, fonts, and colors used by name brands in their email communications to make counterfeit phishing emails. But if you look carefully at an email you may see one or more of these telltale signs:
- "Dear Valued Customer..." instead of your name or unique user ID is a tip that the phisher doesn't know who you are. If it really were PayPal, for example, the greeting would be "Dear (first name, last name)".
- A Web link that doesn't point to where it should is an attempt to get you to click on a URL that will take you to a fake phishing Web site. Hover your pointer over the link and the underlying URL will appear in a mouse-over window. If the email says "click here to log into your bank account" but the URL contains some unfamiliar domain name, it's probably a phish. Don't be fooled by URLs spelled out in text in the email; the underlying URL may be totally different from what you see at first glance.
- Slightly misspelled domain names often go unnoticed. "EBAV.COM" looks a lot like "EBAY.COM", doesn't it? But the "ebav" domain is someone else's site, and you don't want to go there.
- Pressure to do something foolish is a favorite phishing tactic. "Reply with your password within 24 hours or your account will be closed!" No legitimate business will make such a demand. "Send money to cover processing" of your alleged lottery winnings is another clue.
- "Friendly phish" appear to be from someone you know personally. Perhaps your cousin's Facebook account has been hijacked and was used to send you a phish. If it doesn't sound like the cousin you know, pause before you reply or do what "cousin" says. It's a good idea to contact the person by phone, text or email to see if they're aware of the shenanigans.
Phone phishing relies on the totally unjustified tendency to trust telephones more than the Internet. "Call this number to speak with a customer service rep" often leads only to an automated system that demands your name, checking account number, online account username and password, Social Security number "for verification", and other data you wouldn't dream of sending over the Internet. Well, now you're speaking this identity theft data into someone's digital recorder! Again, legitimate businesses don't ask customers for such data by phone or over the Internet.
Phishing Protection Software
Email is the most common attack vector for phishing scammers. So it's a good idea to use an email client that includes anti-phishing protection. Gmail, Hotmail and Microsoft Outlook automatically display warnings when a "phishy" message is displayed. As far as I can tell, this feature is not available in Outlook Express or Thunderbird, but add-ons are available to provide that feature. One example is Thunderbird Sender Verification Extension. Additional phishing protection is also available in many antivirus software packages. Check your settings to see if this feature is turned on.
Up-to-date browsers incorporate anti-phishing technology that can warn you when something is not right with a site before you visit it. It's a good idea to enable these anti-phishing features and heed their warnings. They are turned on by default, but you should make sure the settings have not been changed. In Firefox, go to Tools > Options > Security, and make sure the boxes that say "Block reported attack sites" and "Block reported web forgeries" are checked. For Internet Explorer, anti-phishing protection is available in IE Version 7 and higher. For IE7, click Tools > Phishing Filter, then click "Turn On Automatic Website Checking". For IE8, click Safety > SmartScreen Filter > Turn On SmartScreen Filter. For IE9, click Tools > Safety > SmartScreen Filter > Turn On SmartScreen Filter.
If you get an email that appears to be a phishing attempt, you can simply press the delete button and move on. But if you want to take action that might help others avoid the snare, consider reporting the message to the business that is being impersonated. Some addresses you can use are: firstname.lastname@example.org (Bank of America), email@example.com (Chase Bank), firstname.lastname@example.org (eBay), and email@example.com (PayPal). For other companies, check the website to learn how to report a suspected phishing email.
This article was posted by Bob Rankin on 9 Nov 2010
Copyright © 2005 - Bob Rankin - All Rights Reserved