Owner / Designer
Location: Castle Belgalor
Karma: 2 (+3/-1)
What is Phishing ?
What you need to know about phishing
Just when you thought it was safe to go back into your inbox, there's a new form of spam on the horizon. This spam is more than just unsolicited and annoying. It could lead to the theft of your credit card numbers, passwords, account information, or other personal information. Read on to find out more about this new identity theft scam and to learn how to help protect your personal information.
What is phishing?
Phishing is a type of deception designed to steal your identity. In a phishing scam, a malicious person tries to get information like credit card numbers, passwords, account information, or other personal information from you by convincing you to give it to them under false pretenses. Phishing schemes usually come via spam e-mail or pop-up windows.
How does phishing work?
Phishing works by the malicious user sending millions of bogus e-mails that appear to come from popular Web sites or from sites that you trust, like your bank or credit card company. The e-mails, and the Web sites they often send you to, look official enough that they deceive many people into believing that they're legitimate. Believing that these e-mails are legitimate, unsuspecting people too often respond to the e-mail's requests for their credit card numbers, passwords, account information, or other personal information.
To make these e-mails look even more real, a scam artist might put a link in a fake e-mail that appears to go to the legitimate Web site, but actually takes you to a scam site or even a pop-up window that looks exactly like the official site. These copies are often called "spoofed Web sites." Once you're at one of these spoofed sites you might unwittingly enter even more personal information that will be transmitted directly to the person who created the site who might then use this information to purchase goods, apply for a new credit card, or steal your identity.
Here's what you can do to help protect yourself from phishing
Just as they do in the physical world, scam artists will continue to develop new and more sinister ways to trick you online. But following these five easy steps will help protect you and your information.
1. Never respond to requests for personal information via e-mail. If in doubt, call the institution that claims to have sent you the e-mail.
2. Visit Web sites by typing the URL into your address bar.
3. Check to make sure the Web site is using encryption.
4. Routinely review your credit card and bank statements.
5. Report suspected abuses of your personal information to the proper authorities.
Step 1: Never respond to requests for personal information via e-mail
Microsoft and most legitimate businesses will never ask for passwords, credit card numbers, or other personal information in an e-mail. If you do receive an e-mail requesting this kind of information, don't respond. If you think the e-mail is legitimate, contact the company by phone or through their Web site to confirm. See Step 2 for the best ways to get to a Web site if you think you've been targeted by a phishing scam.
For a list of sample phishing scam e-mails that people have received, check the Anti-Phishing Working Group Phishing Archive
Step 2: Visit Web sites by typing the URL into your address bar
If you suspect that an e-mail from your credit card company, bank, online payment service, or other Web site you do business with is not legitimate, don't follow the links to the Web site from an e-mail message. Those links may take you to a spoofed site that might send all the information you enter to the scam artist who created the site.
Even if the address bar displays the correct address, don't risk being fooled. There are several ways for hackers to display a fake URL in the address bar on your browser. Newer versions of Internet Explorer make it more difficult to spoof the address bar, so it's a good idea to visit Windows Update on a regular basis and update your software. If you don't think you'll remember or prefer to have the installs occur without your intervention, you may be able to configure your computer for Automatic Updates.
Step 3: Check to make sure the Web site is using encryption
If you can't trust a Web site by the address bar, how do you know it's likely to be secure? There are a few different ways. First, before you enter any personal information, check to see if the Web site uses encryption to transmit your personal information. In Internet Explorer you can do this by checking the yellow lock icon on the status bar as seen in the picture below
This symbol signifies that the Web site uses encryption to help protect any sensitive personal information—credit card number, Social Security number, payment details—that you enter.
Double-click the lock icon to display the security certificate for the site. The name following Issued to should match the site you think you're on. If the name differs, you may be on a spoofed site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave the Web site.
To find out more ways to determine if a site is safe, read How Internet Explorer Keeps Your Data Safe.
Step 4: Routinely review your credit card and bank statements
Even if you follow the three steps above, you may still become a victim of identity theft. If you review your bank statement and credit card statements at least monthly, you may be able to catch a scam artist and stop them before they cause significant damage.
Step 5: Report suspected abuses of your personal information to the proper authorities
If you feel you have been a victim of a phishing scam, you should:
Immediately report the scam to the company that's being spoofed. If you're unsure how to contact the company, visit the company's Web site to get the correct contact information. The company may have a special e-mail address to report such abuse. Remember not to follow any links in the phishing e-mail you received. You should type the known Web site address for the company directly into the address bar in your Internet browser.
Provide details of the scam, such as the emails you received, to the Police or FBI (if you are in the USA) through the Internet Fraud Complaint Center. The center works world-wide with law enforcement and industry to promptly shut down phishing sites and identify the perpetrators behind the fraud.
If you feel your personal information has been compromised or stolen, you should also report the circumstances to the FTC and visit the FTC identity theft Web site
To view the website of some Phishing scams, Click Here
Karma: 0 (+0/-0)
Re: What is Phishing ?
Thanks for that Wiz