Don't Be Hooked by Phishing Fraud

25 January 2006
Summary: Phishers trick people into divulging sensitive financial information. If you spend time online, now is the time to learn to spot a phishing attack.

Introduction

Phishing is essentially an online con game, and phishers are just tech-savvy con artists and identity thieves. They use spam, fake Web sites, and other Internet technologies to trick people into divulging sensitive financial information. Unfortunately, the incidence of phishing fraud is growing exponentially.

What is phishing?

In a typical phishing scam, phishers send out mass emails, which appear to come from a legitimate online vendor or financial institution. Emails usually contain an urgent message, baiting unsuspecting individuals into submitting sensitive data. Often the messages direct recipients to a fake Web site where the phisher attempts to collect information.

Phishers have begun to use more sophisticated devices:

  • pop-up windows containing misleading messages

  • URL "masks" that simulate real Web addresses

  • keystroke loggers that capture account names and passwords

To protect yourself against phishing, follow these basic guidelines:

  • Be extremely wary of emails asking for confidential information—especially of a financial nature. Financial institutions and other responsible companies do not request sensitive information via email. If you receive this kind of request, report it to the company.

  • Don’t let them pressure you into providing sensitive information. Phishers like to employ scare tactics. They may threaten to disable an account or delay services until you update certain information, but don't be fooled. Instead, contact the merchant directly to confirm the request’s authenticity.

  • Watch out for generic-looking requests for information. Fraudulent emails are often not personalized. By contrast, emails from your bank or ISP often reference your business or your account. Again, confirm the authenticity of any suspicious request.

  • Never submit confidential information via forms embedded within email messages.

  • If you need to submit corporate credit card numbers or other confidential information over the Internet, make sure the site is secure. To confirm you're on a secure Web server, check the Web address. It should begin with "https://" rather than "http://".

  • Regularly check your bank, credit, and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers.

  • For additional advice, visit the Anti-Phishing Working Group.
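
As an added illustration (not part of the original article), the Python example below checks an email's HTML body for three of the warning signs above: a link whose visible address differs from its real destination (a URL "mask"), a form embedded in the message, and a form that submits to something other than an "https://" address. The sample message, the host names and the names audit, EmailAudit and same_site are constructed for this example, and the host matching is a simple heuristic.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic: the first host-like string in a link's visible text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample message; every host name and address is a placeholder.
SAMPLE = """<a href="http://192.0.2.10/login">https://www.examplebank.test/login</a>
<a href="https://www.examplebank.test/help">examplebank.test help</a>
<form action="http://collect.example/submit"><input name="card"></form>"""

def same_site(shown, actual):
    # Accept an exact match, or one host being a subdomain of the other.
    return actual == shown or actual.endswith("." + shown) or shown.endswith("." + actual)

class EmailAudit(HTMLParser):
    """Collects warning signs from the HTML body of one email."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []   # start of a link
        elif tag == "form":
            action = a.get("action") or ""
            self.findings.append(("embedded-form", action))
            if urlsplit(action).scheme != "https":
                self.findings.append(("form-not-https", action))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)                  # visible link text

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = HOST_RE.search("".join(self._text))
        actual = (urlsplit(self._href).hostname or "").lower()
        if shown and not same_site(shown.group(1).lower(), actual):
            self.findings.append(("masked-link", shown.group(1).lower(), actual))
        self._href = None

def audit(html):
    parser = EmailAudit()
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Links whose visible text contains no address at all (for example "Click here") are not flagged by this check; the real destination still has to be inspected before following them.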

Conclusion

Phishers trick people into divulging sensitive financial information. Now is the time to learn to spot a phishing attack.
