Wednesday, April 1, 2009

HELPFUL TIPS AGAINST PHISHING

Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers. The Web site, however, is bogus and set up only to steal the user’s information.  

In another form of phishing, the user receives a spam e-mail that appears to be a genuine e-mail from his bank. The e-mail has no links to click or attachments to open; instead, it simply asks the user to call a phone number and speak with a customer service officer. This phone number is NOT the bank's genuine number; it is linked to a fake automated voice system set up by the phishers. When the user dials the number, an automated voice answers and asks him to enter his account number and PIN, then to select one of the options or talk with a customer service officer. That's it. The phishers have your account number and PIN!!! It is therefore of utmost importance that you know your bank's correct phone numbers.

For your further information and guidance, the following are some things to remember when you receive a suspicious e-mail:

1.       Be wary of clicking any links in email messages.  Avoid clicking on any link in an email message unless you are very sure of the destination.  Phishing usually relies on links contained in email messages; when you click on the link, it will often take you directly to a phony site where you could unwittingly input your personal or financial information.

2.       You can visit the Web site of the company the e-mail appears to be from and take the time to notify them of the suspicious e-mail. Many companies do want to know if their name is being used to try to scam people, and you'll find scam and spoof reporting links within some of these Web sites.

3.       Another important thing to realize is that no legitimate business will ever send an e-mail asking for sensitive personal or financial information. A legitimate company that did this would essentially be giving its customers a heck of a good reason to take their business elsewhere! It's just bad business.

4.       Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

5.       Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.

6.       Do not enter personal or financial information into pop-up windows.  It is a common phishing technique to launch a fake pop-up window when someone clicks on a link in a phishing email message.  To make the pop-up window more convincing, it will be displayed in a window you trust. In any case, do not input personal or financial information into pop-up windows, since you cannot validate the security certificate of a pop-up window.  Close it immediately by clicking on the X button in the upper right-hand corner of the window.

 

7.       Always check for the security certificate when entering sensitive information on a web site.   Before entering any sensitive information on a web site, check its security certificate. You can check security certificates by looking at the yellow lock on the lower right of the status bar of Internet Explorer (similar to the figure below). If the lock is closed, this signifies that the web site is using encryption to protect you when you enter sensitive information onto the web site.  This symbol may only be present when the web site is requesting your information.  Unfortunately, even the lock icon can be fake.  So, to increase your safety, double-click on the lock icon in the lower right corner of Internet Explorer (see figure below); it will display the security certificate of the site.  The name following "Issued to" should match the name of the web site. If the name does not match, it means that the web site is fake or spoofed.

 

8.       Do type URL addresses directly into your browser or use your personal bookmarks.  If you need to update account information or your password, type the URL address directly in the URL address box, similar to the figure below.
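The "Issued to" comparison from tip 7 can also be written out as a check. The following Python sketch is an added example, not part of the original post; the certificate data and host names are constructed, and the dictionary layout is assumed to mirror what `ssl.SSLSocket.getpeercert()` returns in Python's standard library.

```python
# Added example: compare a certificate's "Issued to" names with the site name.
# SAMPLE_CERT is constructed; its layout mimics ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank"),),
                (("commonName", "www.examplebank.test"),)),
    "subjectAltName": (("DNS", "www.examplebank.test"),
                       ("DNS", "*.secure.examplebank.test")),
}


def issued_to_names(cert):
    """Return the DNS names a certificate was issued to (SAN first, else CN)."""
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if names:
        return names
    # Older certificates carry the site name only in the subject commonName.
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Match one certificate name against a host name, label by label."""
    p_labels = pattern.rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never covers more than one label
    if p_labels[0] == "*":
        # Wildcard must be the whole left-most label and stand for a real label.
        return (len(p_labels) >= 3 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def issued_to_matches(cert, hostname):
    """True if the site name in the address bar is one the certificate covers."""
    return any(name_matches(n, hostname) for n in issued_to_names(cert))


if __name__ == "__main__":
    for host in ("www.examplebank.test",
                 "login.secure.examplebank.test",
                 "www.examplebank.test.lookalike.test",  # look-alike site name
                 "examplebank.test"):
        verdict = "match" if issued_to_matches(SAMPLE_CERT, host) else "MISMATCH"
        print(f"{host:40} {verdict}")
```

A match only shows that the certificate was issued for that site name. The mismatch case is the warning sign tip 7 describes.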

 

“The more awareness people have about these malicious scams, the better off we all will be.”
