Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and the first recorded use of the term “phishing” was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to “baits” used in hopes that the potential victim will “bite” by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
To help you protect yourself from phishing, FraudAlert offer the following tips:
- Guard against spam.
- Copy and paste the e-mail Subject Line into your favourite search engine and see if it is a known spam mail.
- Communicate personal information only via phone or secure web sites.
- When conducting online transactions, look for a sign that the site is secure, such as a lock icon on the browser’s status bar or an “https:” URL – the “s” stands for “secure”.
- Do not divulge personal information over the phone unless you initiate the call.
- Be cautious of emails that ask you to call a phone number to update your account information as well.
- Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.
- Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, or to the account of the person you are emailing.
- Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise you do business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you. After all, businesses should not request personal information to be sent via email.
- Hover over any links and check that they really are the link they appear to be – e.g. http://www.majorbank.com could be directing you to another web site. Hover here –> http://www.majorbank.com <– and look in your browser footer to see what we mean.
- Beware of pop-ups: never enter personal information in a pop-up screen, do not click on links in a pop-up screen, and do not copy web addresses into your browser from pop-ups. Legitimate enterprises should never ask you to submit personal information in pop-up screens, so don’t do it.
- Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Do some research to ensure you are getting the most up-to-date software, and update them all regularly to ensure that you are protected from new viruses and spyware.
- Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.
- Don’t react to e-mails that try to upset you into acting quickly by threatening you with frightening information.
- Always remember that if something sounds too good to be true then it probably is not true.
- Look to see if the e-mail sent to you is personalised to you and contains personal information – if not, delete it.
- Live your online life by the following guideline – nothing THAT important will be sent by e-mail; major good fortune and major bad news are 99.9999% of the time communicated via snail mail, courier or a personal visit.
- You should always be careful about giving out personal information over the Internet. Companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own.
- Remember that you may be targeted almost anywhere online, so always keep an eye out for those “phishy” schemes and never feel pressure to give up personal information online.