39
Avoid Phishing Like the Plague
Phishing is an illegal process for trying to get you to divulge your personal information, such as passwords, usernames, credit card numbers, bank account information, and Social Security numbers. In order to fool you, the e-mails appear to be coming from services to which you subscribe, such as PayPal, Youtube, Facebook, eBay, or your bank. The message provides a link to a Website that looks, feels, and smells just like the real thing; even experts have a problem knowing the difference.
Once on the Web page you are asked to enter personal information in order to log in and “verify” your identity—except that the information is captured for illicit purposes. Successful phishing trips often result in financial loss for the innocent parties and a long, exasperating process of reestablishing credibility and security with the accounts that were breached.
Knowing what to look for. Here are some ways to distinguish between a genuine and fraudulent message.
1. Recognize commonly used phishing phrases. For example, if you receive an e-mail that says any of the following phrases, assume that it is a scam, and delete the message.
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“If you don’t respond within 48 hours, your account will be closed.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
2. Look for bad spelling or grammar. Because many phishing scams originate in non-English-speaking countries, awkward language and misspelled words tell you that all is not what it seems.
3. Do they use a generic greeting? Phishing messages will not use information that is specific to your account. For example, a genuine message from eBay will begin with a greeting that includes your username. A phishing e-mail will begin with a non-specific greeting such as Dear Valued Customer.
4. Is there an attachment from an unverified source? If there is, don’t click on it. Doing so can release malware (malicious software that gets into your computer and does bad things) that invisibly finds and transmits security-sensitive information from your computer to theirs.
Anti-phishing software. Adding anti-spam software to your computer adds another level of security beyond that of your personal inspection of possible scam sites. Usually, this software, once installed, shows up in the toolbar of your Web browser. When you go to a possible phishing Web page, the toolbar alerts you to the hosting location (for example, a genuine PayPal site would not be hosted in, say, Korea), the name of the organization hosting the site, a risk rating, and any deceptive characters designed to hide the real URL. If you use anti-phishing software, be sure to update regularly so that your software is current with the latest fraudulent developments of the scammers.