Protect Yourself From Phishing And Online Scams
October 9, 2013
No matter how internet-savvy you are, you should always be alert to phishing and other online scams. While hackers try to break into databases to steal user information, phishers try to dupe you into giving up your username and password voluntarily, usually by having you enter your login information on a fake website. The best way to avoid these scams is to never access your business accounts via email links. Always enter the URL you know and trust directly into the browser. Also, make sure you always double check the URL and security certificate of a site before you enter any passwords.
Phishing occurs most commonly through email. A phishing email appears to be from a legitimate business and will ask you to click on a link to change or enter your online account passwords, credit card numbers, or bank account information. If you click on the link, you will be taken to a fake website, which may look exactly like the official website of the real company, and even copy or mask the URL of the real company. Once you enter your password on the fake website, the phishers immediately have your information. Direct Communications and almost all other legitimate businesses will never request your personal information or any account information through email.
Here are some recommendations compiled by The Anti-Phishing Working Group:
(Taken from http://www.antiphishing.org/resources/overview/avoid-phishing-scams)
Be suspicious of any email with urgent requests for personal financial information
- unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
- phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
- they typically ask for information such as user names, passwords, credit card numbers, social security numbers, date of birth, etc.
- phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
- instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
Avoid filling out forms in email messages that ask for personal financial information
- you should only communicate information such as credit card numbers or account information via a secure website or the telephone
Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
- Phishers are now able to ‘spoof,’ or forge BOTH the “https” that you normally see when you’re on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
- Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a ‘safe’ site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
- Remember not all scam sites will try to show the “https” and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like “hxxp://www.gotyouscammed.com/paypal/login.htm?” Be aware of where you are going.
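The address-line check described above can also be run over a message's links before anyone clicks them. This added example (not from the original post or from APWG) reports, for each link in an HTML body, the host it really opens and flags the masking tricks the post warns about; the function names, flag labels, and the trusted-domain set are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Anchors(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Hostname of a URL; the 'hxxp' defanging is undone for parsing only."""
    url = url.strip().replace("hxxp", "http", 1)
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        return (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return ""

def audit_links(html_body, trusted):
    """One dict per link: the host it really opens and why it is suspect."""
    parser = _Anchors()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        host, flags = _host(href), []
        if not any(host == d or host.endswith("." + d) for d in trusted):
            flags.append("untrusted-host")
            if any(d.split(".")[0] in href.lower() for d in trusted):  # brand in path/subdomain
                flags.append("brand-lookalike")
        # Visible text that is itself an address must match the real target.
        shown = _host(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            flags.append("text-href-mismatch")
        findings.append({"host": host, "text": text, "flags": flags})
    return findings

# Constructed sample body; the first href is the post's own defanged example address.
SAMPLE = ('<a href="hxxp://www.gotyouscammed.com/paypal/login.htm">https://www.paypal.com/</a>'
          ' <a href="https://www.paypal.com/signin">PayPal</a>')
```

Calling `audit_links(SAMPLE, {"paypal.com"})` flags the first link on all three counts and leaves the second clean. A clean result only means the link matches the trusted list, so typing the address yourself remains the safer habit.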
ADDITIONAL RESOURCES
- The Phishing Guide — http://www.technicalinfo.net/papers/Phishing.html
- Internet Crime Complaint Center — http://www.ic3.gov/default.aspx
- Anti-Phishing Working Group (APWG) — http://www.antiphishing.org
- Messaging Anti-Abuse Working Group (MAAWG) — http://www.maawg.org/information-consumers
- Microsoft Safety & Security Center: How to recognize phishing — http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx