.
 

IT Security

 

 Lock and key
     

Phishing

Examples of phishing scams

Don't get hooked - don't bite on phishing attempts

Jane is reviewing her e-mail when she comes across a strange message. It is from a bank that she doesn't have a bank account with, asking her to update her account information. It asks that she answer a few questions to validate her account due to recent fraudulent activity. A helpful link to a web page is included. Curious, Jane clicks on the link and is taken to a page that prompts her to enter her first name, last name, social security number, account number and password. Knowing that something is definitely wrong —she doesn't even bank there! — Jane closes the page and deletes the e-mail.

 

Jane has just encountered a phishing attack. Phishing is an attempt to lure unwary consumers into divulging personal information such as credit card numbers, bank account information, passwords and Social Security numbers to scammers. In this case, Jane knew that something was up because she didn't bank where the e-mail had purportedly come from. She correctly decided to not answer any of the questions and deleted the e-mail. But what if the phishing attempt had been more convincing? Consider the following...

 

Joe is quickly scanning his e-mail first thing in the morning. One message stands out, as it comes from his bank. Opening it, he reads how the bank has recently enacted new security measures designed to prevent criminals from impersonating Joe online and accessing his account. Joe is interested in this, as he relies heavily upon his account for online bill paying and automatic deductions. He likes the idea of adding security questions and other key security features. Reading further, Joe sees that in order to activate these features, he will need to answer a few questions to validate his identity and account. Joe clicks on the link provided in the e-mail and watches as his browser opens the web page.

 

Knowing that he has to be careful about giving out his information, Joe looks for and finds the lock icon indicating that the session is protected by encryption. He also carefully looks over the page and can see that it does indeed look like his bank's home page. He even follows a few of the links on the page and scrutinizes the telephone numbers and e-mail contacts provided for customer support and loan applications. Everything looks in order, so Joe returns to the initial page and fills in the fields asking for his name, account number, password and security questions. He clicks submit and relaxes as the page displays his information for verification and informs him that all security measures have been enabled.

 

 Unfortunately for Joe, he has not given his information to his bank, but to a criminal. By the next day Joe's account has been emptied by electronic transfer to a bank account located overseas. Joe doesn't even know this until he receives his first overdraft notification and by then it is too late.

 Phishing attacks range from very basic, crude attempts to get you to send information to someone by e-mail, to elaborate, very convincing schemes involving multiple web pages, e-mails and seemingly genuine automated responses.

 So how do you protect yourself? Here are some easy tips:

 

1. Do not reply to e-mail asking you for personal or financial information. 

No reputable bank, credit union or company will ever ask you for sensitive information in an e-mail. When in doubt, contact the entity that sent it to verify it is genuine.

 

2. Never trust any links contained in such e-mails. Always type in the web address of the the bank or company yourself. 

This protects you from fake web addresses that appear to come from the real source, but actually redirect you to the scammer's fake web page. Remember that many of these fake web pages look very convincing and may contain actual links to some parts of the real organization's web site to appear legitimate.

 

3. Use antivirus and antispyware software and keep it up to date. 

This is a basic precaution, but it bears repeating. Some phishing e-mails contain software that can harm your computer or track your activities on the Internet without your knowledge. Having up to date antivirus and antispyware software can help protect against these types of attacks.

 

4. If you believe you’ve been scammed, file a complaint with the Federal Trade Commission (FTC) , then visit the FTC’s Identity Theft website.

Victims of phishing can become victims of identity theft. While you can’t entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

Don't forget to change your account password if you think it may have been compromised. This is especially true if you have responded to a phishing attempt - change your password right away.