Phishing, pronounced "fishing," is a type of online identity theft that uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.
Follow these guidelines to help protect yourself from phishing scams sent through e-mail.
1. If you think you've received a phishing e-mail message, do not respond to it.
If an e-mail looks suspicious, don't risk your personal information by responding to it.
2. Approach links in e-mail messages with caution.
Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL.
Most e-mail programs (such as Outlook 2003) show you the real target address of a link when you hover the mouse over the link.
Before you click a link, make sure to read the target address. If the e-mail message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.
Make sure that the spelling of words in the link matches what you expect. Fraudsters often use URLs with typos in them that are easy to overlook. For example, instead of
www.microsoft.com, the scammer might create a Web page with the address:
www.micrsoft.com
www.micosoft.com
www.mircosoft.com
This is called "typo-squatting" or "cybersquatting." Scammers register these domain names in order to compete with the popular site or to earn money through advertisements.
3. Don't trust the sender information in an e-mail message.
Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message.
Fraudsters can easily spoof the identity information in an e-mail message.
4. Verify the identity and security of the Web site.
Some sites feature verified identity and security information. When you visit a verified site using Internet Explorer 7, the browser address bar turns green and the identity information appears on the right-hand side of the address bar. This makes it easy to check the identity information and ensure that it matches the site that you expected to see.
Make sure the site is secure before you type. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar, as shown in the following example.
Example of a secure site lock icon. If the lock is closed, then the site uses encryption.
The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details.
Note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information.
Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following Issued to should match the name of the site.
If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave.
Tip: If you don't see the status bar at the bottom of your browser window, click View at the top of the browser, and then select Status Bar to activate it.
5. Type addresses directly into your browser or use your personal bookmarks.
If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.
6. Use an updated browser
Regularly updated Web browsers to incorporate an ever-expanding set of features, such as the , Microsoft Phishing Filter, designed to help protect you when you click links in e-mail messages.
7. Don't trust offers that seem too good to be true
If a deal or offer in an e-mail message looks too good to be true, it probably is. Exercise your common sense when you read and respond to e-mail messages.
8. Report suspicious e-mail.
Report the e-mail to the faked or "spoofed" organization.
Contact the organization directly-not through the e-mail you received-and ask for confirmation. Or call the organization's toll-free number and speak to a customer service representative. Report the e-mail to the proper authorities, such as your IT helpdesk.
9. Don't enter personal or financial information into pop-up windows.
One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner (a "Cancel"button may not work as you'd expect).
10. Update your computer software.
Keep your computer software updated.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment