What's phishing?
Phishing is an Internet scam where scam artists send official-looking e-mails to people, attempting to fool them into disclosing their personal information, such as online user names and passwords, banking records or account numbers, social security numbers, etc. Phishing victims often reply to these e-mails with their information, or enter it on a phony website they accessed through a link in the e-mail. Phishing is dangerous because it can easily result in credit card fraud or identity theft.
How do people fall for that?
Phishers are tricky. They pretend to be from a legitimate bank, organization, government agency, or store, and then ask for your personal information, claiming it's urgent for some reason. Another type of bait phishers use is to claim to be the host of a lottery or contest, asking for your banking information in order to deposit your "winnings" for you.
Phishers use upsetting or exciting (but false) statements in order to elicit an immediate response from users. This is how they reel people in.
Phishing occurs more often than you might think. According to Mail Frontier, 6.1 billion phishing e-mails are sent world-wide every month!
The following is an example of an eBay phishing e-mail. It looks legitimate, but the web link included in the message sends the user to a fake eBay site where personal information is captured from the unsuspecting individual. The website mentioned has been shut down by law enforcement.
Subject: eBay Account Verification
Date: Fri, 20 Jun 2003 07:38:39 -0700
From: "eBay" <accounts@ebay.com>
Reply-To: accounts@ebay.com
To:
Dear eBay member,
As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts.
You are requested to visit our site by following the link given below
http://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll?UpdateInformationConfirm&bpuser=1
Please fill in the required information.
This is required for us to continue to offer you a safe and risk free environment to send and receive money online, and maintain the eBay Experience.
Thank you
Accounts Management
As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.
Copyright © 1995-2003 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.
Avoid getting hooked by phishers
Now that you know phishers' motives and methods, follow these basic security precautions in order to avoid becoming a phisher's next victim.
- Be on the lookout for phishy e-mails. If you receive an e-mail asking for your personal information, don't take the bait! If the sender is claiming to be from a legitimate bank or company, it's probably a phisher. Real companies do not operate this way--they always have a way to look up your information in case of a problem. If the sender is claiming to be from a lottery or contest, think about it--did you even enter that contest?
- Don't click on links or attachments contained in e-mails. Scammers try to lure people to phony websites in order to steal their personal information. Oftentimes, the links will lead to pharming websites (read pharming security tips in the link provided at the bottom of the page). Check to see if the link's address listed in the e-mail matches the URL that appears in the bottom left corner of the window when you roll your mouse over the link. Also, don't open attachments unless you know what they are and who sent them to you. Phishers can send attachments that contain programs that will steal your personal information right off of your computer.
- Set up a spam filter. A spam filter can greatly reduce the number of phishing e-mails you receive. The University offers a free spam management system, Sophos PureMessage.
- Test your phish-spotting skills. Try the Phishing IQ Test to see how good you are at discerning phishing e-mails from legitimate e-mails.
What should I do if I think something phishy's going on?
- Act immediately if you think you've been hooked by a phisher. If you've given personal information to a phisher, notify the companies who manage your compromised accounts right away. For information on how to put a "fraud alert" on your files at credit bureaus, contact the Federal Trade Commission's ID Theft Clearinghouse at www.consumer.gov/idtheft or 1-877-438-4338.
- Report phishing, whether you have become a victim or not. Tell the legitimate company that a phisher was impersonating. Also report the problem to the National Fraud Information Center and Internet Fraud Watch at www.fraud.org or 1-800-876-7060. Your report can prevent other people from becoming victims.
What's your Phishing Awareness IQ?
Now that you've learned a little bit about phishing and how to avoid getting hooked, test your new-found skills with this OnGuard Online quiz!
Phishing quiz