Phishing is a type of deception designed to steal your identity. In phishing scams, scam artists try to get you to disclose valuable personal data—like credit card numbers, passwords, account data, or other information—by convincing you to provide it under false pretenses. Phishing schemes can be carried out in person or over the phone, and are delivered online through spam e-mail or pop-up windows. A phishing scam sent by e-mail may start with con artists who send millions of e-mail messages that appear to come from popular Web sites or sites that you trust, like your bank or credit card company. The e-mail messages, pop-up windows, and the Web sites they link to appear official enough that they deceive many people into believing that they are legitimate. Unsuspecting people too often respond to these requests for their credit card numbers, passwords, account information, or other personal data.
What does a phishing scam look like? As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site, but it actually (1), takes you to a phony scam site or (2) possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists. They then often use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.
Just as in the physical world, con artists will continue to develop new and more sophisticated ways to trick you online. The following are just a few phrases to watch for if you think an e-mail message is a phishing scam. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means that it is.
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
How to Reduce Your Risk
Here are some practical tips:
What does a phishing scam look like? As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site, but it actually (1), takes you to a phony scam site or (2) possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists. They then often use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.
Just as in the physical world, con artists will continue to develop new and more sophisticated ways to trick you online. The following are just a few phrases to watch for if you think an e-mail message is a phishing scam. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means that it is.
• "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Be suspicious of a message that asks for personal information even if the request looks legitimate.
• "If you don't respond within 48 hours, your account will be closed." Phishing e-mail may be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail may threaten to close or suspend your account or may even say your response is required because your account may have been compromised.
• "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name. Although, it is possible that con artists have this information. Most legitimate companies (but not all) should address you by first and last name.
• "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site. Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.
Another common technique that con artists use is a Uniform Resource Locator (URL or website address) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
How to Reduce Your Risk
Here are some practical tips:
• Be wary of clicking on links in e-mail messages. Links in phishing e-mail messages often take you directly to phony sites where you could unwittingly transmit personal or financial information to con artists. Avoid clicking on a link in an e-mail message unless you are sure of the destination. Even if the address bar displays the correct Web address, don't risk being fooled.
• Instead of clicking on a link inside an e-mail address, type addresses directly into your browser or use your personal bookmarks. If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.
• Check the security certificate when you are entering personal or financial information into a Web site. Before you enter personal or financial information into a Web site, make sure the site is secure. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar (bottom right). In Firefox, you will see this same lock at the end of the address. The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details. It's important to note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information. Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following “Issued to” should match the name of the site. If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave.
• Don't enter personal or financial information into pop-up windows. One common phishing technique is to launch a fake pop-up window when someone clicks on a link in a phishing e-mail message. To make the pop-up window look more convincing, it may be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, you should avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking on the red X in the top right corner (a "cancel" button may not work as you'd expect).
• Do update your computer software. Software developers continue to make improvements to their software to help protect your computer.
• Check out EarthLink ScamBlocker which is part of a free browser toolbar that alerts you before you visit a page that's on Earthlink's list of known fraudulent phisher Web sites. Its free to all Internet users - download at http://www.earthlink.net/software/nmfree/
Note: If you suspect that you've already responded to a phishing scam with personal or financial information or entered this information into a fake Web site, there may be ways you can minimize any damage.
0 comments:
Post a Comment