Phishing is a crime being perpetuated on the unsuspecting computer user to gather private information. Phishing uses technical means such as e-mail, instant messaging (IM) or phone calls to request information such as passwords or login names. Phishing has been around for years, but is becoming more prevalent. Early attempts at phishing were used to steal access to people's online computer accounts (i.e. web-based email), which were then used to send spam or send out copies of pirated software.
Modern phishing often focuses on more direct means to financial gain...namely getting access to your bank, credit card or other financial accounts (i.e. PayPal, E-bay).
Victims of phishing will receive a message from the attacker that asks for specific personal or private information. For example:
- Mr. Smith, due to problems with your PayPal account, we need to validate your username and password.
- Ms. Wilson, we are upgrading our servers and need all account holders to provide additional important account information, such as date of birth and address.
www.usabank.login.com might fool some people into believing they were really going to a login site associated with www.usabank.com.
DefensesYour Brain: Your best defense against phishing is to be constantly on guard. Companies have no need to ask you for your username or your password to revalidate your account, etc. If anyone asks you to provide additional information about yourself or account, after you have set up the account originally, then immediately contact the company directly using one of the following methods:
- Use your browser and type in the real URL for the company you are dealing with and verify on their website whether they are changing their data gathering requirements (guaranteed...if they need more info from you, it will be listed on their homepage).
- Find the phone number for the company (i.e. the number on the back of your credit card or on your company's true website) and give them a quick call.
As soon as you visit the site, Firefox will produce a warning notice that allows you to leave the site immediately or to ignore the warning. See example below.
Anti-spam Filters: Additionally, anti-spam filters for your email will help to keep most spam-based phishing messages out of your inbox in the first place.
Good luck and safe surfing.