Wednesday, July 13, 2005

Who's Phishing in Your Pond?

How many times have you received email messages that look as if they are from your bank or credit card company and it turned out to be part of a fraudulent scam? Someone was phishing in your pond. Phishing (fĭsh’ing) is defined by Webopedia as, “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.” www.webopedia.com

The term phishing is derived from the fact that Internet thieves are using their email messages as bait and are fishing for people who will get hooked and give them personal information they can use to steal identities. This is a social engineering attack and is also known as spoofing.

How does phishing work?
A spammer fabricates an email message to make you think it is legitimate – it may contain your bank’s logo, resemble their website and contain what looks like links to their website. The phishers will do everything possible to make you believe the message is coming from your trusted financial organization.

In the email message, they ask you to click on a hotlink to verify your account number, password, social security number and other personal information with your financial organization. They usually threaten that if you do not follow the instructions your account will be closed or locked. If you fall for the scam and give them the information, the thieves can use it to steal your identity and wipe out your bank account or charge against your credit cards.

What can you do to protect yourself?

  1. Don’t fall for the bait. Do not respond to the phisher. Do not give your personal information through email.
  2. Before you delete the message forward it to the company being impersonated (your bank, credit card company, AOL, e-Bay, etc.)
  3. Forward the message to the Federal Trade Commission at spam@uce.gov who will investigate and prosecute the offenders.
  4. You can also forward the message to reportphishing@antiphishing.com and file a complaint with the FBI at www.ifccfbi.gov.

For the most part, online banking and e-commerce are safe. Reputable companies will never ask for your account and personal information through email messages. Check to make sure you are using a secure website when banking or purchasing through the Internet. The lock symbol in the bottom right corner of your browser should be visible and the website address should begin with “https://” rather than “http://”. Use common sense when asked for personal information. Ask why and do not be afraid to refuse to give the information.

Security Awareness for Ma, Pa and the Corporate Clueless published a mention of this article on August 2, 2005.

Sharon Cawood
Community Relations & Business Development Professional
Sharon@ntown.com

posted by Sharon Cawood at 8:33 PM

0 Comments:

Post a Comment

<< Home

Powered by Blogger