Phishing is an attempt to use electronic communications to obtain personal information by trickery or deceit. It is, in essence, a web-based con job though sometimes you will hear it called "social engineering" as well.
With the rise in popularity of things like email, social networking and electronic banking, phishing has only continued to grow and thrive. A huge number of victims are just a few keystrokes away, the methods for delivering the deceptive messages are common and people still tend to be gullible. Don't let yourself be the next victim of a phisher.
Phishing attempts are often crafted to include an implied threat to the recipient's assets or security. Because it's natural to want to protect these, it makes potential victims more likely to respond when their fear of loss or being in trouble overcomes their suspicion. This means banks, payment sites like PayPal and even Internet providers or government agencies are impersonated to lure the potential victims in.
The goal of any phisher is to obtain your personal information but what they are attempting to obtain and how can vary. Some of the most common information being phished for are:
- Logins and passwords for things like online banking, payment websites, email providers, social networking sites and even online games.
- Bank Account or Credit Card Numbers
- Social Security Numbers
- Physical Addresses
Although some of this information can be used directly, like credit card numbers, other information is used as a way to examine your stored personal information for details that can be used to steal your identity.
Some of the ways phishers can obtain the information include:
- Tricking you into entering your legitimate information on a bogus or look-alike website.
- Responding to the phishing attempt with personal information.
If you have an online presence of any sort, you will undoubtedly be subject to phishing attempts at some point. It's important to educate yourself on how to recognize the most common phishing attempts before your fall for them.
Read the Message Carefully
Many phishing emails are not well written and contain typos and grammatical errors. Legitimate companies read and check their communications, so a poorly written email is a big clue that it may be a phishing attempt.
In addition, most companies that communicate via email include one or more pieces of information in the mail that are not easily obtained. They will also personalize the communication specifically for you. If you receive email claiming to be from a business or agency you have a relationship with but the mail is generic and contains no personalized information or any personalized information it contains is incorrect for that business or agency, it is probably a phishing attempt.
Don't Click on Links in Email on Instant Messenger
One of the easiest ways to foil phishing is to make it a practice to never click on links in email or instant messenger. If you receive a link that is supposed to be to a business or agency you do business with, type the real website link into your browser yourself. Links to websites are incredibly easy to falsely label in email or instant messenger in order to fool recipients. These web links can also use tricks like subtle misspellings and look-alike addresses to pretend to be a legitimate site.
This advice includes links that appear to be sent to you by people you know. Spammers easily forge email addresses and some viruses will take over a legitimate email address and send mail to everyone on that user's address book.
Never Give Any Personal Information In Email or Instant Messenger
Email and Instant Messenger are not secure ways to communicate and if you send personal information on request, you have just given the phisher exactly what they want. This includes personal information to people you know via email or instant messenger because the messages you send can be intercepted before they reach the legitimate recipient or a phisher might even be pretending to be an acquaintance.
Don't Open Unexpected Attachments
Attachments are very prone to use in spreading viruses and these viruses can be used to compromise your system and record whatever you type or where you go. The best prevention is to make it a practice to never open attachments unless they are from someone you know and you've verified that they intended to send that attachment to you.
Don't Reply to Suspicious Emails
Never reply to suspicious emails or instant messages. All this does is tell the phisher that he's got a real email will result in more and more phishing attempts directed toward you.
Use a Browser with Anti-Phishing Technology
Many current versions of web browsers include technology designed to help you identify potential phishing sites. The technology isn't perfect but listen to any warnings from your browser. Never blindly continue on if there is something wrong or suspicious about the website.
Protecting yourself from phishing attempts isn't easy but these common-sense guidelines will help you evade the most common phishing schemes and keep your personal information safe.
(c) 2008 Maura Anderson
