What is it?
Phishing is an Internet scam that uses spam, instant messaging or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.
Phishing/Vishing/Identity Theft Examples
Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.
How does it work?
The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.
- Be suspicious of any email with urgent requests for personal financial information
- unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'
- phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
- they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
- phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are
- Don't use the links in an email to get to any web page, if you suspect the message might not be authentic
- Ccall the company on the telephone, or log onto the website directly by typing in the Web address in your browser
- Avoid filling out forms in email messages that ask for personal financial information
- you should only communicate information such as credit card numbers or account information via a secure website or the telephone
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
- to make sure you're on a secure Web server, check the beginning of the Web address in your browsers address bar - it should be "https://" rather than just "http://"
- Consider installing a Web browser tool bar to help protect you from known phishing fraud website
- EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on Earthlink's list of known fraudulent phisher Web sites.
- Cloudmark and Qurb both also have commercial toolbars that perform the same service. (see ads opposite)
- Regularly log into your online accounts
- don't leave it for as long as a month before you check each account
- Regularly check your bank, credit and debit card satements to ensure that all transactions are legitimate
- if anything is suspicious, contact your bank and all card issuers
- Ensure that your browser is up to date and security patches applied
- in particular, people who use the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page to download a patches relating to certain phishing schemes
- Always report "phishing" or “spoofed” e-mails to the following groups:
- forward the email to email@example.com
- forward the email to Scamdex
- forward the email to the Federal Trade Commission
- forward the email to the "abuse" email address at the company that is being spoofed (e.g. "firstname.lastname@example.org")
- when forwarding spoofed messages, always choose the option to 'send as an attachment' so that the entire original email with its original header information remains intact
- notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/
- Check the Reporting Links page to find a specific agency that will take the information.
Show me an Example