Monday, March 22, 2010

Don't Fall for the Phisher's Bait

Never respond directly to any unsolicited email that asks you to update or verify your personal information. Banks, stores and other legitimate businesses will never ask you to give this information via email, particularly following the advent of phishing.

If there is any doubt as to whether the email is from who it purports to be, contact the company immediately to confirm and clarify the request for information. Be sure to call a phone number from your statement. The phone number in the email is probably a direct line to the identity thief.


Never click on a link in any such email. To do so would be to risk downloading malicious Trojan horse spyware, which will install keyloggers in your computer system. This would provide hackers direct access to all the personal data stored on your computer, which they will use for their own nefarious financial gain.

Never, ever fill out forms contained in an email that request personal information. The mere request for this information should ring a loud alarm bell. Phishers are able to use HTML to design very official-looking email messages. Any information entered into these forms goes directly to the phisher.

Never trust links contained in unsolicited email. Phishers have devised ways to spoof legitimate website links. Common tricks that are used include misspelling web addresses or using sub-domains that include the name of a legitimate business.

An email link can also be "masked" in such a way that it displays a very official looking text-link to a legitimate company's website, but clicking on it will take you to the phisher's web site.
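The three link tricks described above (masked links, a business name placed in a sub-domain, and misspelled addresses) can be checked mechanically. The following is an added example, not part of the original post: it treats example.com as a stand-in for a company you really deal with, uses constructed links on the reserved .test domain and the documentation address 203.0.113.7, and naively takes the last two labels of a host name as its registered domain.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com"}  # assumption: sites the reader really does business with
SHOWN_HOST = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
def reg_domain(host):  # naive: last two labels; real code needs the Public Suffix List
    return ".".join(host.lower().split(".")[-2:])

def check_link(href, text):
    """Return warnings for one link: its real target (href) vs. its visible text."""
    host = (urlsplit(href).hostname or "").lower()
    labels, warnings = host.split("."), []
    shown = SHOWN_HOST.search(text)
    if shown and host and reg_domain(shown.group(1)) != reg_domain(host):
        warnings.append("masked")  # text names one site, href goes to another
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return warnings  # the link really is on a trusted domain
    for brand in (d.split(".")[0] for d in TRUSTED):
        if any(brand in label for label in labels[:-2]):
            warnings.append("brand-in-subdomain")  # trusted name is only a prefix
        elif SequenceMatcher(None, labels[-2:][0], brand).ratio() >= 0.8:
            warnings.append("lookalike")  # near-miss spelling of the trusted name
    return warnings

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.findings.append((self.href, check_link(self.href, "".join(self.text))))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

SAMPLE = """<a href="https://www.example.com/">www.example.com</a>
<a href="http://203.0.113.7/login">https://www.example.com/verify</a>
<a href="http://example.com.account-check.test/">Update your details</a>
<a href="http://examp1e.test/">Sign in</a>"""  # constructed email body
```

Calling `audit(SAMPLE)` returns each link with its warnings: none for the first link, then `masked`, `brand-in-subdomain` and `lookalike` for the other three.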

Do not cut and paste the link contained in the message into your browser. Type the address of the legitimate company in a separate browser window, so as to bypass having to click on the link in a suspected phishing email.

Always be suspicious of impersonal email. Almost all email communication from legitimate businesses will contain some specific piece of personal information that is not readily available to anyone but you. An email from your bank, for example, may include part of your account number.

Always keep in mind that there are malicious people out there who do nothing more than think up creative, innovative ways to get at your personal information.

Be sure to use anti-spyware and anti-virus software, and keep these regularly updated. Anti-spam filter software may help eliminate or minimize the amount of phishing spam you will receive in your inbox.

Be very cautious of opening any emailed attachments you receive, even if they seem to be from an acquaintance.

Help catch the phishers by reporting any phishing attempts. Forward the phishing email to the company that is being spoofed. Also forward it to these email addresses: spam@uce.gov and reportphishing@antiphishing.org. This information will be used by the Anti-Phishing Working Group to fight phishing. This organization is a coalition of the internet industry, financial institutions and law enforcement.

Learn more and stay informed by visiting the Federal Trade Commission's Identity Theft website: www.consumer.gov/idtheft.
