Sunday, February 24, 2008

An Alternative Method To Protecting Yourself From Phishing

Phishing is one of the leading trends in cyber crime. Basically, phishing occurs when websites that appear to be the one you are looking for actually belong to people who want to steal your personal information. While some web browsers and internet security software will attempt to protect you from phishing attacks, they are not perfect. In many cases, the end goal of phishing is to obtain enough personal information to steal your credit card numbers or gain access to your bank accounts.

Along with creating websites and emails that mimic legitimate businesses like PayPal, phishing is also evolving into other trends. Basically, anything that will get you to transmit personal and financial information can be exploited for phishing purposes. This includes social websites, as well as those set up for the sale of merchandise.

One of the best things you can do is make sure that anything you enroll in online does not receive the same information that you gave to your banks and other lenders. This is especially important if you enjoy signing up for news forums, or other groups that ask identifying questions that you answered for your bank. As an example, the last four digits of your social security number, or your mother's maiden name, are very common questions. Unfortunately, in the hands of someone intent on phishing, this information can be used to obtain your credit card information.

Therefore, when it comes to online forums where you do not expect to engage in financial transfers, treat your password backups like a real password. This includes using a different backup for each site you enroll with. Also, you should use a "hardened password" that includes at least 8 letters, one number, and a non-alphanumeric character. Not only will this stymie phishing attempts; if they do try to use the information you gave them, you will know exactly what site the fraudulent activity came from.

If you find yourself wanting to open a financial account online, and need to provide information similar to what has been requested by your credit card company, or bank, the same advice applies. Simply treat your backup information like a secure password. With a legitimate bank or credit card institution, you can always call them later on and have these things reset if need be. This is far less troublesome than becoming the victim of a phishing attack.

Because cyber crime is only limited by the ideas that people get, many different schemes can be used to steal personal information. Over the years, phishing has evolved as the premier way to gain financial information and steal personal identities. Banks and many other financial institutions often utilize backup passwords or other information to help identify you. When enrolling in social groups, it is vital to treat this information like any other type of personal information. By using words or information different from what you would use with your bank, you may well help prevent a phishing attack, and also help investigators determine where it came from.

Sunday, February 17, 2008

Internet Security Suites

Installing the best Internet security software on one’s PC is an unwritten rule that many of us follow. We’ve heard countless horror stories of computer viruses and stolen identity; some making us swear we’ll never use the Internet again. But, let’s face it, the Web is essential to all of our lives and despite the risks, the benefits sure outweigh those detrimental aspects.

In order to fully protect your PC and find an Internet security software program you can stand hosting on your OS, it’s important to consider the following:

• Features: While most Internet security providers claim to ‘have it all,’ make sure you choose a software program with anti-virus and spyware protection, rootkit and spam protection, a firewall, and parental control functions, such as Security Shield 2008.

• Pricing: Everyone wants to save money and when choosing an Internet security software program, it’s vital to choose a great product with an affordable price tag. Security Shield 2008, for example, will run you $39.99 after mailing in their rebate.

• Ease of Use: Opt for a software program that is easy to install and doesn’t drain your system resources. CA Internet Security Suite Plus 2008, for example, provides an In-Product Tutorial if you run into any problems along your virus-scanning way.

• Customer Support: Make sure the Internet Security provider you go with has comprehensive customer support. Security Shield 2008 is covered by free technical support via email, phone and live chat. Many companies charge per-incident or by allotted time, so it’s wise to compare costs.

Most Internet security software programs run automatic updates and have real-time scanning capabilities, which are a must. Technology and Web-based threats aren’t static and in order to completely protect your PC, it’s crucial to choose a product that is both versatile and continuously updates itself.

Kelly Liyakasa is staff writer for 6StarReviews.com. Kelly Staller is site manager at 6StarReviews.com, a site dedicated to giving YOU, the consumer, the best product and service reviews around. If you like saving time and money by having someone else review leading sites and products, then Visit our site at 6StarReviews.com

Article Source: http://EzineArticles.com/?expert=Kelly_Liyakasa

Saturday, February 16, 2008

Phishing - How to Avoid Getting Caught

What is Phishing?
With so many of us online nowadays, it's inevitable that criminals familiar with computer technology have found ways to take advantage of it to make money. The Internet is almost impossible to police, as it crosses so many international borders, and criminals can operate basically from anywhere there's power and an internet connection. Phishing is just one of many schemes thought up by criminal minds to part us from our money.
Phishing is simply the scam of sending out a fake email in order to try and get the recipient to respond with private or financial information. You've probably received plenty of these - they pretend to come from a well known bank, tell you that someone has changed your password or that your account will be terminated if you don't confirm your details, and give you a link to click on.
Of course if you do actually click on the link, you'll be taken to a false website where the information you enter will be recorded and used to log in to your bank account or credit card and steal your money. In extreme cases, where the phishing attempt also gets private information such as your social security number, your whole identity may be stolen and used to apply for fake loans. Your financial and credit history can be ruined in literally hours, before you have any idea there's something wrong.
How Do I Avoid Being Caught?
While this sounds terrible, there are things you can do to lessen the risk of your information being phished. The first, and most important, is to NEVER respond to an email that appears to come from your financial institution. It doesn't matter how legitimate it looks, or whether it has the right logos in it. These businesses are well aware of the rapid spread of phishing, and the last thing they would do is confuse things by sending an email requesting your login details or for you to confirm a password.
If in doubt, call your bank by looking up the phone number - don't use any phone numbers included in the email - and ask them if the email is legitimate. Never click on any links or URLs contained in the email, don't reply to the email, don't acknowledge that you've received it - just hit the delete button as fast as possible.
When you're visiting websites, always be wary of supplying too much private information. Only supply such information if you're sure it's a legitimate site that you've navigated to by yourself, and there should be a locked padlock logo in the bottom of the browser so you know the site is secure. Never enter this kind of information at a website you've reached by clicking on an email link.
What Type of Phishing Emails Can I get?
Phishing isn't just limited to financial institutions. Many phishing scams imitate emails from eBay and well-known stores. They may appear to be a special offer, suggesting you click on the link to get a great deal on that particular item. The problem is that you'll end up at a website designed to steal your information, not the store's website. If you're especially interested in the deal being offered, call the store and ask if it's a genuine offer before clicking on anything.
If you do receive a suspicious email that you think is a phishing scam, it's always helpful to notify the company that it appears to come from. Some businesses have specific addresses for receiving phishing notifications, but many simply use postmaster@theirURL. PayPal can be reached via spoof@paypal.com. You can also report the scam to the Internet Crime Complaint Center, although this mainly deals with the more threatening and widespread phishing scams.
The important thing to remember is that you should never click on an email link without checking with your bank first. It doesn't matter how dire the consequences sound if you don't do it - that's all part of the scam. The more vigilant we all are, the fewer people will fall for phishing scams, and the better the chance that one day these criminals will give up and leave our inboxes alone.
Steve Dolan is an IT professional with over 25 years experience in the industry. Find out how to protect yourself from phishing by clicking Phishing Attacks and avoiding spam at Spam Attacks
Article Source: http://EzineArticles.com/?expert=Steve_Dolan

Monday, February 11, 2008

“Phishing” for Suckers: Two Things You Should Look For In An email

“For Your Immediate Attention! Don’t Lose Your Account! Update Immediately!”

Bob opened the email and was confronted by the logo of one of his major credit card companies. He had been carrying the card for some time, and had used it for a lot of online purchases.

Understandably he was concerned with the message under the logo: “Due to online identity theft, we need to verify that the information in your account is accurate, or we will be required by the FTC to suspend it”.

Below was an itemized list of the information he was required to verify: his old account number, name, address, telephone number, social security number, and mother’s maiden name. They also wanted him to change the password to his account.

Panicked, Bob hit the reply button and started filling in the information. He didn’t want to lose that account. He had set up several online accounts using that credit card number, and used it to buy and sell in online auctions…

THE “PHISHERMEN” AND THEIR HOOKS

“Phishing” is a technique used by identity thieves to stampede people into giving out their credit information online. The scam has been around for a while, and, unlike Bob, most people are aware that they should never:

• Be intimidated by a message found in an “authentic looking” email

• Reply by giving vital information to the “phishers”

• Open up any links contained within the email, which can download “criminalware” onto their computer.

We all know these facts intellectually, but when confronted by an intimidating message, many of us react emotionally, not rationally. Maybe I’m more easily intimidated than most, but I’ve found myself opening an email and feeling compelled to fill out the information the message demands.

I have to confess an incident that occurred when I almost did that very thing. In my own defense, however, I have to say that it happened before I’d ever heard the term “phishing”. Fortunately I became suspicious before hitting the “Send” button.

But I almost did it. I almost sent it off and thereby hanged myself.

THE LAKE IS GETTING CROWDED

Although the public is becoming savvier to this scam, the “phishermen” must be experiencing success because the Anti-Phishing Working Group (http://www.antiphishing.org/) reports that phishing incidents are on the upswing.

They list 28,571 consumer reported incidents in June 2006, almost double the reported numbers in June 2005.

More suckers are being “phished” than ever before, and as every honest fisherman knows, there is no bag limit on suckers.

HOW TO IDENTIFY LEGITIMATE EMAILS

Of course, the best thing to do when asked for vital information by someone purporting to be a legitimate credit card company or other institution is to call the company on the telephone and ask if the email in question does indeed come from them. Then, if it has, go to that site to change your information.

But there are a couple of “quickie” things you can look for in the email itself, which you should do if you are alarmed by the message and tempted to jump.

1. Check the “From” Address to see if the address is correct. It should come from the company’s own domain, e.g. ebay.com, not from a subdomain of some other domain, such as ebay.security.com. A subdomain can be obtained online for free, and using one is not something a legitimate company would do.

2. Make Sure the “digital signature” is valid.
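The “From” address check from item 1, written out as an added example (it is not code from the original article). The expected domain `ebay.com` and the `ebay.security.com` case come from the text above; the sample messages and the function names `sender_domain` and `classify_sender` are constructed for illustration.

```python
"""Compare the domain in an email's From header with the domain you expect."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). Only ebay.security.com is taken
# from the article; the other sender addresses are invented for illustration.
SAMPLES = {
    "own-domain": "From: eBay <service@ebay.com>\nSubject: Invoice\n\nHello",
    "own-subdomain": "From: eBay <news@reply.ebay.com>\nSubject: Deals\n\nHello",
    # The display name shows a trusted address; the real address follows it.
    "display-name-trick": 'From: "service@ebay.com" <alerts@ebay.security.com>\n'
                          "Subject: Update Immediately!\n\nHello",
    "brand-in-name": "From: eBay <support@ebay-verify.example>\n"
                     "Subject: Verify\n\nHello",
    "missing": "Subject: no sender header\n\nHello",
}


def sender_domain(raw_message: str) -> str:
    """Return the lower-cased domain of the address in the From header.

    parseaddr() separates the display name from the actual address, so a
    display name that merely looks like an address is ignored.
    """
    msg = message_from_string(raw_message)
    _display_name, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")


def classify_sender(raw_message: str, expected_domain: str) -> str:
    """Classify the From domain relative to the domain the company really uses.

    "matches" only means the header text is consistent. The From header can be
    forged, which is why the article pairs this check with the signature check.
    """
    domain = sender_domain(raw_message)
    expected = expected_domain.lower()
    brand = expected.split(".")[0]          # "ebay" for "ebay.com"

    if not domain:
        return "no-address"
    # The company's own domain, or a subdomain the company itself controls.
    if domain == expected or domain.endswith("." + expected):
        return "matches"
    # The brand is only a label inside somebody else's domain,
    # as in ebay.security.com (a subdomain of security.com).
    if brand in domain.split("."):
        return "brand-as-subdomain"
    # The brand is glued into a different name, e.g. with "verify" appended.
    if brand in domain:
        return "brand-in-name"
    return "unrelated"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} {sender_domain(raw):28} {classify_sender(raw, 'ebay.com')}")
```
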

KNOW YOUR DIGITAL SIGNATURE

I don’t know if you’re like me, but my eyes glaze over when somebody mentions the words “digital signature”.

Basically, it’s just an electronic means of verifying that the email you received:

• Has originated from the source it claims to come from

• Hasn’t been intercepted and repackaged on the way.

An email that is “digitally signed” has a little red icon down in the lower left hand corner in the “To…From” box.

Click on that icon and you can find information about the sender. Be sure your email client is “S/MIME” compliant. “S/MIME” compliance is supported by over 350 million email clients, including Microsoft Outlook, Lotus, Novell, Netscape and MacMail.

As noted on the antiphishing site, this is unspoofable for two reasons:

• It is strongly encrypted.

• It is generated when you open the email, not at the source

The email client has validated four things on receiving this email:

1. The email address in the “From” field matches the one in the digital certificate.

2. The certificate was issued by a trusted authority.

3. The message wasn’t tampered with in transit.

4. The certificate itself has not expired.

To put it simply, the certificate makes sure the email has indeed come from who it says it has come from, and hasn’t been tampered with along the way.

To see what the certificate looks like, check out:

http://www.antiphishing.org/smim-dig-sig.htm

THREE WAYS TO PROTECT YOURSELF.

There are three good ways you can protect yourself from “phishermen.”

1. Call the company they supposedly represent. Don’t respond to alarming statements demanding personal information online.

2. Don’t open any links in the email. They can download “criminal ware” that can start gathering vital information off your computer.

3. Don’t open suspicious emails unless you have an “S/MIME” compliant email client and can view and open that digital icon.

LOOKING FOR SUCKERS

The phishermen are out there and still looking for suckers. Based on the rise in reported incidents they are still finding them. Armed with a little knowledge and a healthy awareness, you won’t end up in their “game bag”.

You definitely don’t want that…because the next stop is the frying pan.

Copyright 2006 John Young

John Young is a writer with a scientific and programming background. At the age of 62, he lives in California with his wife and pet cat “Bear”. His new book “Protect Yourself Against Identity Theft” can be found at: http://www.youridentitystolen.com

Phishing Filter - How to Use Phishing Filters to Prevent Any Information Theft

A lot of people are actually still afraid of using computers due to the fact that they can have viruses and people can manipulate them in order to serve their purposes.

This argument actually holds true but there are actually different types of "manipulations" that people can do. This is where anti-viruses and viruses come into play and one of the most recent developments is creating phishing filters.

Phishing is the act of "fishing" for information via the internet. There are a lot of ways to do this, from emails to spyware, and people can access your computer and steal your information without you knowing it.

Normally the accounts that people try to phish are financial accounts that cannot be subjected to information trace - especially if they can keep you locked out long enough to get the money into a bank and run away with it.

The most common ones on the internet are PayPal and eBay accounts. Apart from the usual spyware tools, scammers are using simple emails targeted at unsuspecting users. These emails come with subject lines like: "Last Warning", "Password Change Required" or "Your account is suspended" and a whole lot more.

These e-mails would appear to have come from eBay or PayPal and provide a link to their own phishing page. Now these pages are designed just like the original pages and the unsuspecting user ends up providing his/her sensitive information like username/password or Credit Card Information to these duplicate pages.

That's why I would like to add one piece of advice to all users: you should always see where the link is taking you by looking at the tool tip, and then, if it takes you to your usual PayPal address, follow the link.

Now, in order to keep such e-mails from ever landing in your inbox, you need to use a phishing filter. One of the most common ones at the moment is the Bayesian Filter that allows you to blacklist or whitelist certain individuals. It also easily integrates with popular email clients such as MS Outlook.

By using this filter 90% of these types of messages will not arrive in your inbox, thus greatly increasing your phishing protection and it saves you a lot of time.

The next thing you need to use is anti-spyware software. One good program available in the market is called Ad-Aware by Lavasoft. It is always updated and it is extremely simple to use. It runs through your computer like a virus scan - except that it only looks for spyware, which most of the time is not recognized by your virus scan as a threat to your system. Just download it and run it at least once a week and it will prevent any kind of phishing spyware from entering your system.

Now, all you need to do is just to keep these programs updated to protect your information and continuous awareness over phishing issues will also help you to be ahead of the curve and keep the scammers at bay.

Author and internet entrepreneur Bernard Pragides offers expert advice and tips regarding identity theft. Learn more about identity theft and fraud by visiting his identity theft blog and his website http://www.IdentityProtek.com for more helpful information.

Sunday, February 10, 2008

Phishing : How To Recognize A Phishing Email Message

Phishing is the practice of sending fraudulent email messages supposedly from a legitimate company or organization in order to trick someone into giving out personal and confidential information. This information could include a user ID, password, credit card number or even a Social Security number. At its most basic level, Phishing is a form of identity theft. It is one of the fastest growing cyber crimes, and there are estimates that 1 in 20 people who receive a Phishing email will respond to it with their personal information. Since the criminals who send out these Phishing messages are good at what they do, it’s important to be able to recognize a Phishing email so you won’t respond to their request and become a victim of identity theft. Here are a few signs that the message you have received might just be a Phishing expedition.

• The email message is generic. Phishing emails are sent out in bulk to thousands of people, so you’ll see a generic greeting like ‘Dear Valued Customer’ and not directly addressed to you by name.

• The message gives a false sense of urgency. Phishing emails are developed and designed specifically to push the recipient to immediate action. If there is no compelling reason to respond to the message, you won’t. But if there is a fear of some kind of consequence for not providing the requested information you might just be motivated to act quickly.

This fear, urgency or even panic created by a Phishing email begins right with the subject line. Here are a few examples from actual Phishing messages:

‘Online Alert: Online Account is Blocked’

‘Fraud Report’

‘Credit Card Declined Notice’

‘Unauthorized Account Access’

The text of the message builds upon the initial sense of urgency. A message may state that your account will be closed within 24 hours if you don’t verify your information. Sometimes the messages state that there has been suspicious activity on your bank account, or your credit card has been charged by an undesirable web site.

The criminals who send out Phishing emails have taken their scam to a new level. Now people are getting Phishing messages that offer a reward for responding to the message. The newest Phishing scam is a message that states you’ve won a gift card somewhere (JC Penney, Circuit City and The Sports Authority have been recent ones), and you need to click the link in the email to provide the information where the gift can be sent. Other Phishing emails offer free enrollment in a fraud protection program by clicking the link and providing the requested information.

• The message states specifically “this is not a scam”. How does that saying go? If it looks like a duck and quacks like a duck, it probably is a duck. Legitimate messages don’t need to state the obvious.

• A request is made to verify your information, and a link provided for you to do so. Phishing emails will use some tactic in order to trick the recipient into providing confidential information. This request is often tied in with the false sense of urgency created in the message. The link will take you to a very authentic looking site and ask you to fill in certain personal information. If you recognize you’ve made a mistake and you try to go back to a Phishing web site you probably won’t find it. The average lifespan of a Phishing web site in December 2004 was 6 days.

The link that is included in the email message for you to click and provide information might look legitimate, but it isn’t. Often the criminals will create a web site that has almost the same name as the original web site. They might add the word “verify” or use some other word along with the company name. You should never click a hyperlink in an email, especially if you don’t know who sent it to you.

Knowledge can be power when it comes to protecting yourself from identity theft and Phishing scams. Be aware of the tricks a criminal might do to steal your information, and don’t fall prey to them.

About The Author
Colleen Durkin writes about spyware protection. Learn more at http://spyware-removal.thrcomputer.com.

What is Phishing?

In the world of computers, phishing has become big business. Phishing, or attempting to gather information of a more sensitive nature such as logins, passwords, credit card or bank account details, has become far more prevalent today than it ever was.

Phishing is, technically, just one more example of the social engineering techniques that are used to trick a user into offering up their information, making it easier for the phisher to gather it.

The most recent attempts at phishing have been geared toward online banks and payment services consumers, and use emails which are purportedly from those services, or from the IRS (Internal Revenue Service) to gather information.

The emails have now begun to be targeted specifically at customers of a given bank or payment service and, because they are more specific, have been given a new name: Spear Phishing.

One prevalent place that phishers will target is social networking sites, because such sites can be used to gather enough information to permit an identity theft. Nearly half of all phishing thefts between 2006 and 2007 appear to have been initiated by groups doing business through the Russian Business Network, which is based in St Petersburg.

There are several ways to combat phishing schemes, but the best way is education. Train the computer user, and particularly the novice user, to recognize phishing schemes for what they are and to avoid them.

Since most phishing is based to some degree on the impersonation of either a site, or a person who is in charge of that site, preventing it means finding some reliable method of determining a site's real identity.

One example is that some anti-phishing toolbars currently in use show the domain name for the site you are currently visiting and permit you to add a nickname to it, so that you will know when you are visiting the same site again.

A general rule of thumb is that if an email comes with a banking or online payment site link, regardless of whether you believe that link is fraudulent or genuine, don't use it. Manually type in the URL of the company that you use and investigate whether or not that site has asked you to log in or submit some survey or what have you, by checking your administrative messages once you are assured that you are on the genuine site.

Under no circumstances click on the link in the email, because having done so, there are times when your personal information is compromised simply by clicking the link.

If by some chance you do click the link and arrive at the suspect site, DO NOT enter information into the site's login, as those keystrokes are usually captured to permit the phisher to log into your genuine banking or online account site.

Abdul Hayi Mansoor, SEO Consultant Specialist, frequently writes informative articles about a variety of topics including IT security issues.

How To Protect Yourself From Phishing

Protect yourself from Phishing scams that could lead to identity theft. I cannot stress this enough. Phishing scams are a hot topic lately that have grown with the popularity of online banking and social networking sites like MySpace, Facebook and Friendster.

The term Phishing comes from the analogy to fishing. The phisher uses a bait to lure victims into giving out personal information like passwords and credit card numbers. The bait is typically an urgent plea from one of the victim's friends or trusted websites, asking for information to resolve some sort of problem with their account.

One of the popular MySpace phishing scams uses a domain name of RNyspace.com, which shows up in the browser address bar as rnyspace.com, very similar to myspace. The site is designed to look very similar to MySpace and tells you that you need to log in. You need to be very careful to check the address in the web browser whenever you are asked for login information or personal financial information.
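A way to catch the rnyspace.com kind of name automatically, as an added example that is not part of the original article. It goes beyond the single case in the text by also flagging names one typo away from a watched site. The watch list, the small table of look-alike character sequences and all function names are constructed for illustration, and taking the second-to-last label as the site name is a simplification (real tooling uses the Public Suffix List).

```python
"""Flag host names that imitate a watched site by look-alike characters."""

# Sites the user actually logs in to (assumed watch list for this example).
WATCHED = ["myspace.com", "paypal.com"]

# Small constructed table of sequences that read alike in an address bar.
# "rn" for "m" is the case from the article; the rest are common examples.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def registrable_label(hostname: str) -> str:
    """Return the label just left of the suffix (simplified, see lead-in)."""
    labels = hostname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def skeleton(label: str) -> str:
    """Collapse look-alike sequences so that 'rnyspace' becomes 'myspace'."""
    result = label.lower()
    for sequence, replacement in CONFUSABLE:
        result = result.replace(sequence, replacement)
    return result


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, 1):
        current = [i]
        for j, char_b in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # delete
                               current[j - 1] + 1,              # insert
                               previous[j - 1] + (char_a != char_b)))
        previous = current
    return previous[-1]


def check_host(hostname: str, watched=WATCHED):
    """Return (verdict, watched_domain) for the host shown in the address bar."""
    host = hostname.lower().rstrip(".")
    # The real site or one of its own subdomains always wins.
    for real in watched:
        if host == real or host.endswith("." + real):
            return ("genuine", real)
    label = registrable_label(host)
    for real in watched:
        real_label = registrable_label(real)
        if label == real_label:
            return ("same-name-other-suffix", real)
        if skeleton(label) == skeleton(real_label):
            return ("confusable", real)
        # Only compare longer names, short ones collide by accident.
        if len(real_label) >= 5 and \
                edit_distance(skeleton(label), skeleton(real_label)) <= 1:
            return ("near-miss", real)
    return ("no-match", None)


if __name__ == "__main__":
    for candidate in ["www.myspace.com", "RNyspace.com", "paypa1.example",
                      "myspacee.example", "modern-art.example"]:
        print(f"{candidate:22} {check_host(candidate)}")
```
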

Other typical targets for phishing include online banking sites, PayPal, the Internal Revenue Service and credit card companies. Internet users must be vigilant and always double check to make sure that the site you are giving your information to is actually the site you trust.

Phishing scams have a snowball effect. Once the phisher has your login information it is very easy to contact your friends, pretending to be you, and get their information as well.

Anti-phishing software is a must for anyone that accesses the internet. Most of the internet service providers have some safety measures included as part of their online security software. Most web browsers also have add-ons that can detect most phishing scams. Unfortunately, these measures are not enough. Some of the more clever phishers have found ways to trick the anti-phishing software so you need to be cautious of suspicious emails and messages.

Phishing scams are not limited to the internet. Some phishers use the telephone to make requests for information. If you get a call from your banking institution asking for personal information, hang up and call your bank directly. Your bank will have your social security number and account information on file and should only ask you to verify a few digits.

If you feel that you have been targeted by a phishing scam it is very important that you report it to the company that the phisher is pretending to be. If you receive an email that you believe to be a phishing scam you should forward it to the FTC: "spam@uec.gov" so that others will not fall prey to these attacks.

You could also Phire back on Phishers by sending back false information that they will waste time actually trying to use.

Hobbyist writer/web developer. See more at http://www.how2life.com

Secret Tips To Prevent Phishing Attack

If you use your credit card online, then you're exposed to phishing attacks. It's not just credit card users; others who regularly enter their information through the Internet are also exposing themselves to this type of threat.

Phishing is defined as stealing sensitive information using social engineering tactics. The phishers will attempt to duplicate trusted websites to retrieve your information.

Recently, researchers have found that phishers can use a domain trusted by phishing filters to retrieve information from innocent users. This can become a headache because such an attempt can bypass anti-phishing filters and steal your information even with anti-phishing software installed.

How can we avoid this? Nowadays, even a trusted domain cannot be trusted.

I would suggest that you be very careful when entering your information into any website, especially websites that you do not trust.

If you're using Internet Explorer 7, it has a built-in phishing filter. This built-in phishing filter checks whether the website you're visiting is suspicious or not. But don't rely on this filter too heavily.

Install third-party anti-phishing software. It can help to protect you from phishing websites. One anti-phishing program that I recommend is CallingID.

Remember not to click the link inside any emails you receive asking you to log in. If you receive an email asking you to update your banking information or something like that, type the URL directly into the address bar. Do not click the link provided in the email. For example, if you receive an email from PayPal asking you to log in, type the PayPal URL directly into the address bar instead of using the link provided in the email.

This can prevent phishers from stealing your user name and password.

Every day there will be attempts to steal our information, and if we let our guard down, we might become the next victim. Before this happens, remember to take all the security measures that you know.

Even though we cannot have watertight security, it's best to take all the security measures that we can afford rather than have nothing against the phishers.

Azwan Asmat is the author of Chuang Computer Tips. Want to know the secret of securing your PC from dangerous spyware, adware, and malware programs that can ruin your PC, your finances, and your sanity? Visit PC Safety 101 for more info.

Monday, February 4, 2008

Phishing 101 - How To Defend Yourself Against Phishing Attacks

What is Phishing?

Alarming numbers of Australians still do not know what the internet scam called 'phishing' (pronounced "fishing") is, nor are they adequately protected against it, a Galaxy survey has found.
Phishing is a type of fraud that tricks people into giving out their personal and banking information through hoax websites or phony emails which steal people's personal information, such as credit card numbers, account data, usernames and passwords. Many of the hoax/phishing emails may appear to come from legitimate and trusted businesses that you might have dealings with, such as banks (e.g. CBA), online organisations (e.g. eBay and PayPal) and Internet service providers (e.g. MSN and Google). The message may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, these emails lead recipients to fake websites designed to trick the customer into entering their personal banking details. This information is then used to steal your money!

Because the emails look so official and convincing, they are very effective for criminals.

Criminals send out millions of these fraudulent e-mails to random e-mail addresses, whether or not they are a customer of the organisation, in the hope of luring unsuspecting innocent persons into providing their personal banking details.

If the link is followed, the victim often also downloads a malicious program which captures his/her keystrokes, including any typed information such as banking login details, and sends them to a third party.

How to Identify E-mail Fraud

So, how do you know if the email you received is fraudulent? Here are a few things you should know:

  • Your bank will NEVER send you an email, or call you on the phone, asking you to disclose personal information such as your credit card number, online banking password or your mother's maiden name.
  • Be suspicious of unsolicited emails that have a sense of urgency and warnings that your accounts will be closed or your access limited if you do not reply.
  • The email might claim that your details are needed for a security and maintenance upgrade, to ‘verify’ your account or to protect you from a fraud threat. The email might even state that you are due to receive a refund for a bill or other fee that it claims you have been charged.
  • Does the email look professional? While some fraudulent emails may look professional at first glance, if you look more closely you may notice spelling mistakes and bad grammar, unusual language or branding that is not quite right. Fraudulent emails are not personalised and, instead, are addressed in general terms, such as 'Dear valued customer'.
  • If you receive an email notifying you that an email money transfer is being sent from a person you do not know, delete the email as it is likely fraudulent.

How to Avoid E-mail Fraud

There are some simple steps you can take to avoid becoming the victim of phishing scams:

  • Be skeptical. Fraudulent emails can look like they come from a real bank and organisation email address. If you have any doubts about an email that looks like it is from your bank or a reputable company, contact them before responding to ensure that it is legitimate. But do not use the toll-free number, email address or website address provided in the email: they may link you to the criminals rather than the bank. Use a phone number, email address or website address that you know is correct.
  • NEVER send your personal, credit card or online account details through an email.
  • NEVER send money, or give credit card or online account details to anyone you do not know and trust.
  • Do not give out your personal, credit card or online account details over the phone unless you made the call and the phone number came from a trusted source.
  • Always enter your bank's or organisation's website using the website address (URL) that you know is accurate - use a bookmarked link or type the address in yourself: NEVER follow a link in an email.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorised charges.
  • Check your credit report at least once a year by contacting the Australian credit reporting agency Veda - Tel: 1300 762 207.
  • If the email links to a website, check the website address carefully. It's easy to disguise a link to a site. Scammers often set up fake websites with very similar addresses, eg. by substituting similar-looking characters, so that paypal.com could be (and has been) spoofed as paypaI.com or paypa1.com. Similarly, a zero can be substituted for the letter O within a URL. The longer the URL, the easier it is to conceal the true destination address.
  • Do NOT cut and paste a link from the message into your Web browser: as mentioned above, phishers can make links look like they go to one place when they actually send you to a different site. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a 'refund'. Because they use VoIP (Voice over Internet Protocol technology), the area code you call does not reflect where the scammers really are. If you need to reach an organisation you do business with, call the number on your financial statements or on the back of your credit card, or type in the web address yourself.
  • NEVER enter your personal, credit card or online account information on a website that you are not certain is genuine.
  • On the Internet, whenever entering personal information, ensure that you are using a secure website. Look for https:// rather than just http:// in the address bar of your Web browser as well as a closed padlock in the bottom right corner of your browser.
  • Make sure that your computer is protected. Install anti-spam, anti-spyware and anti-virus software and make sure they are always up-to-date. You should also install a personal TWO-WAY firewall to act as a barrier to viruses and other external attacks and check for operating system patches and upgrades on a regular basis.
  • Do NOT open suspicious or unsolicited emails (spam): delete them.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
  • Update your browser.
  • NEVER use public computers to access private information. Internet kiosks at hotels and other businesses are convenient but often have Trojans and keyloggers installed that collect and transmit your information to the criminals.
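The two link checks from the list above (a look-alike address such as paypaI.com or paypa1.com, and link text that names a different site than the link really opens), written out as an added example that is not part of the original article. The `TRUSTED` allowlist, the function names and the sample e-mail body are assumptions made for illustration; a production check would use the Public Suffix List instead of the last two labels of the host name.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com", "ebay.com"}  # assumption: sites the reader really uses
# Look-alikes the article names: I/l/1 and 0/O (hostnames are case-insensitive).
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def base_domain(value):
    """Last two labels of a URL or bare host (naive: no Public Suffix List)."""
    host = urlparse(value if "://" in value else "//" + value).hostname or ""
    return ".".join(host.split(".")[-2:])

def skeleton(domain):
    return domain.lower().translate(CONFUSABLE)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Flag hrefs that imitate a trusted domain or contradict their visible text."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = base_domain(href)
        for good in sorted(TRUSTED):
            if target != good and skeleton(target) == skeleton(good):
                findings.append((href, f"lookalike of {good}"))
        if URLISH.match(text) and base_domain(text) != target:
            findings.append((href, f"text shows {base_domain(text)}"))
    return findings

# Constructed sample body (not a real message): two spoofed links, one genuine.
SAMPLE = ('<a href="http://paypa1.com/update">www.paypal.com</a>'
          '<a href="http://paypaI.com/verify">Verify your account</a>'
          '<a href="https://www.paypal.com/signin">https://www.paypal.com/signin</a>')
```

Calling `audit_links(SAMPLE)` reports the first two links and leaves the genuine third link alone; an empty result only means neither check fired, not that the message is safe.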

What Should You Do If You Receive a Fraudulent E-mail?

If you suspect that you have received a hoax email, you should take the following action:

  • Axiom suggests that you treat phishing emails as spam and delete the email immediately from your Inbox and Deleted Items folder without opening it.
  • Do NOT reply to the email, and do NOT click on any links in the email, or open any files attached to them. Never call a telephone number that you see in a spam email.
  • Spam emails are a proven method for distributing viruses and other unwanted programs. If you have clicked on the link within the email, complete a full security scan of your computer (to check for computer viruses, trojans and spyware).
  • If you have responded to any email by providing your confidential information, or believe you are a victim and have lost money as a result of phishing activities, please contact your financial institution and the local police immediately.

Final thoughts

Criminals have learned that they do not need to pull a gun on you to get your wallet or purse. They're using the Internet to steal your money and identity! Take a few simple steps to stop them, and don't become an identity theft statistic.

David Furlong is a qualified and experienced IT specialist and Technical Trainer. His list of credentials includes MCSE, MCSA, Dip IT, and a Masters in Networking and Systems Administration.

As manager of a computer consultancy firm, Axiom Networking Solutions, he recommends AVG Internet Security to his clients as a solid and reliable choice. For more information or to download your FREE 30 day AVG trial, please visit http://www.avg-antivirus.com.au

 