Introduction
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing scams are just another attempt to get valuable information. Scammers send a mass email to every address they can find. Typically the message will appear to come from a bank or financial institution. The email states that you should update your information for one reason or another, and they usually provide a link that you can click to do so. This all sounds reasonable and it may look legitimate, but phishing scams are anything but legitimate. The link provided does not take you to the financial institution’s website. Instead, you will be submitting your information to a website run by the scammers.
“Phishing” ExamplesPhishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing scams are just another attempt to get valuable information. Scammers send a mass email to every address they can find. Typically the message will appear to come from a bank or financial institution. The email states that you should update your information for one reason or another, and they usually provide a link that you can click to do so. This all sounds reasonable and it may look legitimate, but phishing scams are anything but legitimate. The link provided does not take you to the financial institution’s website. Instead, you will be submitting your information to a website run by the scammers.
Fake Paypal messages are a favorite phishing method. Here are 2 Paypal phish. The first claims that the account will be suspended if your account information isn't updated. In the second, the scam claims your account information needs to be updated because they found incompatible information during a billing information check. Both have nothing to do with PayPal though they are designed to look “official.” Both use scare tactics to try to get you to act without thinking. The real PayPal never sends such emails.
Phone Phishing
Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts.Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.
Online Banking Phishing
Here is an example of an online banking phish that uses a security feature many banks and credit unions have in place—if an online banking user attempts to log onto online banking and fails a third time, the user is then locked out. They want you to panic, thinking someone is attacking your account and respond without stopping to think and check it out. Never respond to emails such as this. Your financial institution NEVER asks you to respond through an email link as this phish requests. If you were really locked out, you would have to initiate contact with the institution to get it unlocked.
How to prevent phishing
It is easy to uncover a crude phishing scam. For example, if you get an email from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information.
You need to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.
You need to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.
You should also examine the link provided. Does it really go where it appears to go? For example, I could tell you that I’m giving you access to the government’s Top Secret Database at https://www.TopSecretDatabase.gov but if you click the link you’ll find that you’ve been directed to a different site. The best way to prevent this is to copy and paste the link (don’t click it) to your address bar. However, you can still get tricked by URL’s that look legitimate but have one or two letters switched.
If you have been snagged by phishing scams in the past, you need to be vigilant. First, let your financial institution know what happened. They will likely want to pursue the scammer, and they will monitor your account more closely. Next, It is always suggest that victims of phishing scams put a fraud alert on their credit report by contacting one of the major credit agencies. Finally, you’ll need to keep a close eye on your mail and your accounts. If statements stop showing up or if you see unusual activity, call your bank immediately.
No comments:
Post a Comment