Phishing - Are You Protected?
Phishing or phish emails are attempts to trick you into giving sensitive personal information to bad guys who are impersonating someone you trust. A phishing attempt may direct you to respond to it via email, or to a Web site that demands information, or to a phone number that talks you out of your identity. Here's what you need to know about phishing protection...
Phishing Protection
Phishing is an identity thief's way of "trolling for fish" who will bite on his barbed bait. The bait can be subtle. Often, a phish looks like something official from your bank, Facebook, eBay, or some other trusted source. But if you take the bait, you could unwittingly turn over your online banking password to Russian hackers. Or worse. Here's what to look for, and how to protect yourself from phishing attempts.
The bad guys have gotten very good at making these scams look real and convincing. Phishers even steal the graphic logos, fonts, and colors used by name brands in their email communications to make counterfeit phishing emails. But if you look carefully at an email you may see one or more of these telltale signs:
- "Dear Valued Customer..." instead of your name or unique user ID is a tip that the phisher doesn't know who you are. If it really was PayPal, for example, the greeting would be "Dear (first name, last name)".
- A Web link that doesn't point to where it should is an attempt to get you to click on a URL that will take you to a fake phishing Web site. Hover your pointer over the link and the underlying URL will appear in a mouse-over window. If the email says "click here to log into your bank account" but the URL contains some unfamiliar domain name, it's probably a phish. Don't be fooled by URLs spelled out in text in the email; the underlying URL may be totally different from what you see at first glance.
- Slightly misspelled domain names often go unnoticed. "EBAV.COM" looks a lot like "EBAY.COM", doesn't it? But the "ebav" domain is someone else's site, and you don't want to go there.
- Pressure to do something foolish is a favorite phishing tactic. "Reply with your password within 24 hours or your account will be closed!" No legitimate business will make such a demand. "Send money to cover processing" of your alleged lottery winnings is another clue.
- "Friendly phish" appear to be from someone you know personally. Perhaps your cousin's Facebook account has been hijacked and was used to send you a phish. If it doesn't sound like the cousin you know, pause before you reply or do what "cousin" says. It's a good idea to contact the person by phone, text or email to see if they're aware of the shenanigans.
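The link checks from the list above can be automated when triaging a suspicious message. The following is an added example, not code from the original article: it compares each link's visible text with the URL it really points to, and flags target domains that are one character away from a trusted one. The TRUSTED list, the SAMPLE message and all function names are assumptions made for illustration, and the "last two labels" domain rule is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this mailbox legitimately hears from (constructed list).
TRUSTED = {"ebay.com", "paypal.com", "bankofamerica.com", "chase.com"}
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)
# Constructed sample message body, not taken from a real email.
SAMPLE = '<p>Sign in: <a href="http://www.ebav.com/signin">www.ebay.com</a></p>'

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(url):
    """Naive registrable domain: last two host labels (no public-suffix list)."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.split(".")[-2:])

def one_edit_apart(a, b):
    """True if a and b differ by one substituted, added or dropped character."""
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    return a != b and (a[i+1:] == b[i+1:] or a[i+1:] == b[i:] or a[i:] == b[i+1:])

def phish_signs(html):
    """Return (sign, detail) findings for the links in an HTML message body."""
    findings, parser = [], LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        target = domain(href)
        # Visible text that is itself a URL must agree with the real target.
        if URLISH.match(text) and domain(text) != target:
            findings.append(("link-mismatch", f"{text} -> {target}"))
        findings += [("lookalike-domain", f"{target} ~ {good}")
                     for good in sorted(TRUSTED) if one_edit_apart(target, good)]
    return findings
```

A link whose visible text is only "click here" cannot be checked for a mismatch, so for those the function reports the lookalike test alone.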
Phone phishing relies on the totally unjustified tendency to trust telephones more than the Internet. "Call this number to speak with a customer service rep" often leads only to an automated system that demands your name, checking account number, online account username and password, Social Security number "for verification", and other data you wouldn't dream of sending over the Internet. Well, now you're speaking this identity theft data into someone's digital recorder! Again, legitimate businesses don't ask customers for such data by phone or over the Internet.
Phishing Protection Software
Email is the most common attack vector for phishing scammers. So it's a good idea to use an email client that includes anti-phishing protection. Gmail, Hotmail and Microsoft Outlook automatically show a warning when you open a "phishy" message. As far as I can tell, this feature is not available in Outlook Express or Thunderbird, but add-ons are available to provide it. One example is the Thunderbird Sender Verification Extension. Additional phishing protection is also available in many antivirus software packages. Check your settings to see if this feature is turned on.
Up-to-date browsers incorporate anti-phishing technology that can warn you when something is not right with a site before you visit it. It's a good idea to enable these anti-phishing features and heed their warnings. They are turned on by default, but you should make sure the settings have not been changed. In Firefox, go to Tools > Options > Security, and make sure the boxes that say "Block reported attack sites" and "Block reported web forgeries" are checked. For Internet Explorer, anti-phishing protection is available in IE Version 7 and higher. For IE7, click Tools > Phishing Filter, then click "Turn On Automatic Website Checking". For IE8, click Safety > SmartScreen Filter > Turn On SmartScreen Filter. For IE9, click Tools > Safety > SmartScreen Filter > Turn On SmartScreen Filter.
If you get an email that appears to be a phishing attempt, you can simply press the delete button and move on. But if you want to take action that might help others avoid the snare, consider reporting the message to the business that is being impersonated. Some addresses you can use are: abuse@bankofamerica.com (Bank of America), fraud@chase.com (Chase Bank), spoof@ebay.com (eBay), and spoof@paypal.com (PayPal). For other companies, check the website to learn how to report a suspected phishing email.
This article was posted by Bob Rankin on 9 Nov 2010
Article information: AskBobRankin -- Phishing - Are You Protected? (Posted: 9 Nov 2010)
Source: https://askbobrankin.com/phishing_are_you_protected.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Phishing - Are You Protected?"
Posted by:
marilyn colby
09 Nov 2010
I recently received a phishing attempt.
It was supposedly sent by a friend from a site called shtyle.com and purported to show me photos that she had posted there. Because they asked, among other coordinates, for my date of birth in order to register, I balked. This was needed in order to be able to see the photos. The site seemed professional enough, but I had learned not to give a birth date due to possible identity fraud, so I informed my friend and she said it was spam and to delete it.
End of story... (I hope!)
Posted by:
chesscanoe
09 Nov 2010
For Chrome version 8 beta, and maybe earlier versions, go to Tools - Options - Under the Hood - and check "Enable phishing and malware protection". As an aside, this is the best browser I've ever used; I've seen no problems since 8.0.552.28 was made available.
Posted by:
chesscanoe
09 Nov 2010
For Google Chrome beta 8.0.552.28 and possibly earlier versions, go to "wrench icon" (Customize and control Google Chrome) - Options - Under the Hood - and check 'Enable phishing and malware protection'. As an aside, this is the best browser I've ever used, although no browser is perfect.
Posted by:
Deborahin LA
09 Nov 2010
I suggest you also send an e-mail reporting any phishing attempts to the Department of Justice--
phishing-report@us-cert.gov
For American Express, it's
Anti.Phishing.Team@aexp.com
Posted by:
Nezzar
09 Nov 2010
I distinctly remember an earlier article from you stating that the Smart Screen Filter should be turned off because it slowed down the computer. I assume that you have changed your mind.
EDITOR'S NOTE: No, I did mention that if you're having trouble with IE8 crashing, you might try turning it off to see if that helps.
Posted by:
Georghe Barker
09 Nov 2010
Having Windows 7 I have the default email system Live Mail. I have Norton full Internet Security.
Most spam is quietly shoveled into Junk email folder, some labeled "Norton Antispam", the remainder unlabeled. However, some labeled "Norton Antispam" stay in the inbox, and a few unlabeled but glaringly obvious to the human eye phishing ones go to the In folder. This surprises me.
Posted by:
Digital Artist
10 Nov 2010
This is a laudable effort, Mr. Rankin, but the people who read it already know how phishing works, and the people who don't know won't read it. My brother uses the email moniker, "themapnut". I recently opened an email account under the name "themaqnut," changing the P to a Q. I sent a letter to our huge family warning them how easily they could be fooled, and none of them responded. I think they believe the email was from my brother, even though I pointed out the changed name and other stuff. Just goes to show....
Posted by:
Nezzar
10 Nov 2010
I disagree with Digital Artist. I didn't know how phishing worked, so I sure did pay attention to this article. And, I will turn my Smart Screen Filter back on in a hurry. Keep up the good work, Bob!
Nezzar
Posted by:
Rohan Wickramasinghe
10 Nov 2010
I was enrolled for a course in an Institute in Colombo, Sri Lanka. On the 18th November 2006 I received an email from an administrative officer at the Institute, who had been offered a free telephone if he sent fifty email addresses to someone and asked the fifty addressees to each send another fifty etc. The email addresses had to be sent to anna.swelam@sonyerricsson. I promptly wrote to the administrative officer to point out that sonyericsson is spelled with only one 'r' and asked him not to give out my email address to others. He wrote back to apologise. He never got a free telephone. Thank you TOURBUS for having alerted me to people who collect lists of email addresses. Rohan Wickramasinghe
Posted by:
Rob
10 Nov 2010
There is quite a simple solution.
Not that I am making money out of it but try buying an excellent little program called RoboForm.
It is a wonderful program.
I have tested phishing emails many times with RoboForm. If it is not the genuine website that you signed up on, RoboForm will NOT offer the password.
Simple.
The details are also encrypted.
You only have to remember one password.
Love it. Been using it for many years now.