Phishing is becoming increasingly common. It is how many victims get hacked and how many people become victims of identity theft.
What is phishing?
Phishing is similar to actual fishing in a lake. The difference is that instead of catching fish, phishers attempt to steal your personal information. They send out e-mails that appear to come from legitimate websites such as eBay, PayPal, your bank or even your credit card company. You’ve probably seen a few of these in your time. The e-mails always follow the same generic script: they state that your information needs to be updated or validated and ask that you enter your username and password after clicking a link included in the e-mail. Some e-mails ask for more private information like your SSN, full name, address, credit card numbers or mother’s maiden name: the typical information a person would need to sign up for new accounts. Never ever ever enter your information. These kinds of businesses will never contact you via e-mail about personal information, and if they do you should not be doing business with these companies.
These fake e-mails will look very legitimate, and even the webpages they link to may appear to be real. How can you tell if this is legitimate or fake? Pay attention to the URL in the address bar. Some things to look for:
- For example, if you’re visiting eBay, the domain name should end with “ebay.com”. If you see an address such as “www.ebay.validate.com” (where the site’s actual domain is validate.com, not ebay.com) or if the address contains an IP address such as (18.104.22.168), you can almost guarantee that someone is trying to steal your information.
- Always look for “https” instead of “http”. Not all legitimate sites will use this, but most major sites should have this extra measure in place. This shows that the company has purchased an SSL (Secure Sockets Layer) certificate authenticating the company. They are proving they are really who they say they are.
- Spelling errors and bad grammar. Professional companies and organizations typically have a staff of copy editors.
- Threats: phishers and cybercriminals often use threats, whereas legitimate companies will not threaten you via e-mail.
If you suspect something is not right, instead of clicking the link given to you in the e-mail, type the website’s URL into the address bar yourself. For example, if the e-mail is from eBay and the link is “www.ebay.validate.com”, go to your address bar, type “www.ebay.com” and see if you get prompted for the information. If you are not, then the e-mail was most likely a fake. Again, if there is ever any doubt, do not enter your information.
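The address-bar checks above, written out as a small Python function. This is an added example, not part of the original article; `check_link`, its warning codes and the sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return warning codes for a link in an e-mail claiming to be from expected_domain."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    scheme = urlsplit(url).scheme.lower()
    expected = expected_domain.lower()
    if not host:
        return ["no-host"]

    warnings = []
    try:
        # Check: a raw IP address where a company name should be.
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        # Check: host must be the expected domain or a subdomain of it.
        # Comparing on the "." boundary rejects both www.ebay.validate.com
        # and names that merely end in the same letters.
        if host != expected and not host.endswith("." + expected):
            warnings.append("wrong-domain")

    # Weaker signal: the page notes that not every legitimate site uses https.
    if scheme != "https":
        warnings.append("no-https")
    return warnings


# Constructed sample links (192.0.2.10 is a documentation-range address).
SAMPLES = [
    "https://www.ebay.com/signin",
    "http://www.ebay.validate.com/update",
    "http://192.0.2.10/ebay/login",
    "https://www.notebay.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "ebay.com") or "no warnings")
```

An empty list means none of the three checks fired; it does not by itself mean the site is genuine.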
In addition to third-party installations that can hack your system, these phishers, aka cybercriminals, can also do this by installing malware (malicious software) on your computer or by stealing personal information off of your computer. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might e-mail you, call you on the phone, or convince you to download something off of a website. They often find exploiting human nature is easier than exploiting holes in software.
Phishing can come in other forms beyond e-mails and links. It can also come as phone calls. Beware of these! If you have not recently contacted the company the person claims to be calling from, be very skeptical. Do not provide personal information of any kind unless you are 100% sure of who you are speaking with.
There are several ways to report phishing scams.
- Internet Explorer: while you are on a suspicious site, click the gear icon and then click “Safety”. Click “Report Unsafe Website” and use the web page that is displayed to report the website.
- Google: http://www.google.com/safebrowsing/report_phish/
- Outlook.com (formerly Hotmail): If you receive a suspicious e-mail that asks for personal information, click the check box next to the message in your Outlook inbox, click the arrow next to Junk and then point to Phishing scam.
- Microsoft Office Outlook 2010 and 2013: Right-click the suspicious message, point to Junk, and then click Report Junk.
- Report e-mails and website locations straight to US-CERT (United States Computer Emergency Readiness Team), which is a part of the Department of Homeland Security. http://www.us-cert.gov/report-phishing
- This site contains links to the phishing/scam departments of the following companies: Best Buy, Citibank, EarthLink, eBay, PayPal, Washington Mutual, Wells Fargo. It also contains some tips: http://www.fightidentitytheft.com/phishing-scams.html
- Emails claiming to be from the IRS or any other IRS-related components: http://www.irs.gov/uac/Report-Phishing
What to do if you think you have been a victim of a scam:
If you suspect that you’ve responded to a phishing scam with personal or financial information, take these steps to minimize any damage and protect your identity.
- Change the passwords or PINs on all your online accounts that you think might be compromised.
- Place a fraud alert on your credit reports. Check with your bank or financial adviser if you’re not sure how to do this.
- Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
- If you know of any accounts that were accessed or opened fraudulently, close those accounts.
- Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn’t initiate.
Don’t hesitate to contact us today to help make sure your computer and your business are protected against unwanted phishers and other cybercriminals.
©2011 MyITPeople Ventures, LLC