What is phishing?
Phishing is a form of "social engineering" in which a cyber-crook uses social skills to obtain or compromise individual personal information. Phishing attacks are delivered through email, pop-up messages, web forms, fake advertising and survey forms or malicious web sites to trick the recipient into revealing personal information, often financial.
Where does phishing come from?
Phishing is delivered by Internet fraudsters through email, chain letters or pop-up messages, often by forging the identity of well-known financial institutions. Phishing also known as brand spoofing or carding include email that seemingly originates from a business, organization or individual that you deal with; a reputable credit card company, bank, government agency or online payment service like PayPal. The polite crooks request updates, validation, pass-code changes or confirmation of account information, often suggesting that there is a problem. The user is redirected to a fake site and tricked into entering their user account information, which is saved and used for unlawful and fraudulent purposes. Targeted groups have typically been people in the corporate world and against banking customers, but increasingly, phishing attacks are reaching students and retired people; such practice is also considered a type of Identity Theft.
How does phishing affect my computer?
Besides the risks of spam, phishing doesn’t necessarily harm your system, but ONLY you and it can do a lot of damage if it results in identity theft. Once you have been tricked into revealing your personal information, the crooks fake your identity and run up bills or commit crimes in your name.
How do I protect my personal information from phishing?
* Have good email habits—do not respond to the links in an unsolicited email, instant message or chat
* Do not open attachments from unsolicited email—practice common sense
* Protect your passwords or social security number and don’t reveal them to anyone
* Do not give-transmit sensitive information to anyone—on the phone, in person or through email—unless you are sure that they are who they claim to be and that they should have access to the information
* Check a website’s security before sending sensitive information over the Internet
* Look at the site’s URL. In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov) but it should show a (https:// and pad-lock on the bottom right)
* Install and maintain anti-virus software, firewalls, and email filters to reduce spam
* Keep your browser up-to-date and apply security patches, you can also signup for LIFELOCK to keep your identity secured.
If you believe you have compromised sensitive information about your accounts or organization, contact your financial institution, Credit Card Company or appropriate authorities. Contact credit bureaus and issue a fraud alert. Phishing cases should be handled seriously and reported to local police. You can also file a report with the Anti-Phishing Working Group (APWG).