ClubSymantec


What You Need to Know About Phishing

The Internet is a way of life these days. We use email as an important business tool, and to keep in touch with close friends and family. The Internet has become a popular and reliable medium for everyday commerce and communication. And we've grown to trust the people doing business there. However, online scam artists have begun to take advantage of that trust. These individuals, called phishers, use a combination of spam, brand hijacking, and scare tactics to bait their hooks and reel in private information. Fortunately, with some basic education, a good measure of caution, and the proper tools, you can steer clear of phishing nets and keep your identity safe.

How phishing works

In most cases, phishers send out a wave of spam email. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Couched in urgent, business-like language, the email almost invariably requests information, sometimes directing the recipient to a spoofed Web page. The Web page, like the email, appears authentic, and in some instances its URL has been masked so the Web address looks real. The page urges the visitor to provide confidential information: social security numbers, account numbers, passwords, etc. Because the email and its corresponding Web page seem legitimate, the phishers hope at least a fraction of recipients are fooled into submitting their data.

Phishers are also beginning to use more aggressive techniques, like planting viruses to do their dirty work. Some of these viruses have been known to lie in wait until conditions are ripe for capturing information. They monitor your Internet activities and spring into action when you visit a particular site, either diverting you to an impostor site or capturing your keystrokes as you type in passwords, account numbers, or other vital information. And unless you have good virus protection, you have no idea malicious code has made its way onto your hard drive.

Although the quality and complexity of phishing scams are increasing, you don't have to become an antiphishing expert to protect yourself. A good dose of caution and common sense, like the actions suggested in the following tips, will reduce the likelihood you'll become a phishing victim.

How to avoid phishing scams

  • Be extremely wary of any email asking you to provide confidential information, especially of a financial nature. Financial institutions rarely, if ever, request sensitive information via email. If you receive this kind of request, call to confirm the sender's identity and the validity of their request. Never provide this information online.
  • Don't get frightened or pressured into divulging information. Phishers like to use scare tactics, employing urgent language to pressure you into submitting confidential data. They may threaten to disable an account or delay services until you update certain information. Don't be fooled. Instead, contact the merchant who apparently sent the email to confirm its authenticity.
  • Watch out for generic-looking requests for information. Fraudulent emails are typically not personalized. Legitimate emails from your bank or ISP routinely address you directly. Again, confirm the authenticity of any suspicious request before responding.
  • If a suspicious email contains a link to a Web page, don't click on it. Instead, verify the purported company's URL and type it into the address bar of your browser. That way you'll be sure to reach a legitimate site.
  • Never provide confidential information via forms embedded within emails. Instead, communicate that information over the phone or through a secure Web site.
  • Whenever you submit credit card numbers or other confidential information over a Web site, make sure the site is authentic and uses encryption to secure your data. If a page is using encryption, the browser should display a "locked" icon in one corner. You'll also notice the Web address is a little different. It will begin with https rather than http. Please note, however, some phishing sites place fake lock icons on their pages. Therefore, make sure the icon is part of the browser's window frame, not part of the Web page itself. And just because the site's address begins with https, and therefore appears to be using encryption, doesn't necessarily mean the site is secure, or even authentic. Sophisticated phishers have begun using URL masking techniques to mimic the secure addresses of actual companies. So, before submitting your information over an apparently secure site, call the site's owner to confirm the URL's authenticity.
  • Check your online accounts frequently. Make sure all listed transactions are valid, and if they aren't, contact your bank or credit card company immediately.
  • Keep your browser and operating system up to date. Check regularly for patches and upgrades, paying special attention to security-related updates.
  • Secure your computer with a good personal firewall, antivirus solution, and antispam program. These tools reduce your exposure to spam-based phishing scams and protect against the viruses and other blended threats phishers have begun to use.
Taken together, these actions reduce the likelihood you'll get caught in a phishing net. However, you still need to stay abreast of new phishing tactics and strategies. You also need to keep your security software current. So, check in regularly with Club Symantec and Symantec Security Response to get the latest information and to make sure all your security components are up to date.

©1995 - 2009 Symantec Corporation