Have you ever received an e-mail from your bank or credit card company that looks like this?
We have recently encountered several types of phishing e-mail that have been reported in circulation. What is this about?
HowStuffWorks.com explains that phishing is a common method of online identity theft and virus spreading.
It is believed that the term originated from the word “fishing,” as in “to fish for information.” In phishing, the phisher sends a fraudulent e-mail message that appears to come from a reputable source to entice an individual to provide personal and confidential information such as user IDs, passwords, account and Personal Identification Numbers (PINs) that the phisher may unlawfully take advantage of.
Phishing is often accompanied by spoofing. In a phishing e-mail, a hyperlink is often provided which, when clicked, leads the user to a phony or spoofed website. It is here that the unsuspecting victim keys in his personal and financial data.
A phishing e-mail is difficult to detect at a glance because it contains official-looking logos and other identifying information from legitimate organizations. But phishers tend to leave telltale signs in e-mails and web pages that you can watch out for.
A phishing e-mail normally starts with a generic greeting, such as “Dear Customer” or “To our valued client.” Phishers send out millions of messages to randomly generated e-mail addresses, hoping that people who can relate to the message will reply to them. Banks, on the other hand, personalize their greetings and indicate your full name when sending official correspondence.
Most phishing e-mails include threats requiring immediate action. They contain phrases such as “Verify your account,” “Update your account,” and “Failure to do so will result in account suspension.” In the example above, it can be construed that phishers have learned to use positive reinforcement to convince people to give out personal data.
Nearly all phishing scams will request your personal information. Most legitimate banks will not demand this information online or through e-mail.
Phishing e-mails frequently have misspellings and poor grammar. Professional organizations usually have a team of copy editors who proofread and edit advisories and notices before they send them out to the public.
As mentioned earlier, phishing e-mails always contain hyperlinks that trick people into going to spoofed websites. A Microsoft article on phishing warns that links that are longer than normal, carry the @ symbol or contain misspelled names of organizations are suspicious and could be signs of phishing.
Uniform Resource Locators (URLs) can also be masked. In the example provided by Microsoft below, the attached URL seems to be valid but mousing over it (resting your mouse on the link and not clicking) displays a string of characters that looks nothing like the company’s real Web address.
Below is what a spoofed website of XYZ Bank would look like: an exact copy of the original. But it would reveal its true URL (http://www.dequioionsemele.org/dequoi/xyzbank.htm) and not the bank’s website address (http://www.xyzbank.com).
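The link warning signs described above (an @ symbol, unusual length, a borrowed organization name, and link text that shows one address while pointing to another) can be checked automatically in an HTML message. The Python below is an added example, not code from this article or from the Microsoft article it cites; the 75-character cut-off, the flag names and the trusted-host list are assumptions, and the sample message is constructed from the article's XYZ Bank addresses.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_LEN = 75  # assumed cut-off for "longer than normal"; tune for your own mail

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host name without a leading 'www.' ('' if there is none)."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit read a bare 'www.example.com' as a host
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

def check_link(href, text, trusted_hosts):
    """Return the warning signs on one link; text is compared only if it looks like an address."""
    host = host_of(href)
    shown = host_of(text) if "." in text and " " not in text else ""
    brand_used = any(t.split(".")[0] in href.lower() for t in trusted_hosts)
    checks = [
        ("at-sign-in-address", "@" in urlsplit(href).netloc),
        ("unusually-long", len(href) > MAX_LEN),
        ("text-shows-different-site", bool(shown) and shown != host),
        ("brand-name-on-foreign-host", brand_used and host not in trusted_hosts),
    ]
    return [name for name, hit in checks if hit]

def scan_email(html, trusted_hosts):
    parser = LinkCollector()
    parser.feed(html)
    return {h: check_link(h, t, trusted_hosts) for h, t in parser.links}

# Constructed sample message that reuses the article's XYZ Bank addresses.
SAMPLE = ('<a href="http://www.dequioionsemele.org/dequoi/xyzbank.htm">http://www.xyzbank.com</a>'
          ' or <a href="http://www.xyzbank.com/">log in</a>')

if __name__ == "__main__":
    print(scan_email(SAMPLE, {"xyzbank.com"}))
```

A link with no flags is not proof that it is safe; the checks only surface the specific signs listed above.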
If you receive an e-mail or pop-up message from your bank or credit card company or from businesses that you regularly transact with such as eBay or Amazon and you suspect it is a phishing scam, do not reply to it. Just ignore and delete the message.
Do not click any links in the message. Rather, type the company’s website address directly into your browser or use your personal bookmarks when going to certain sites.
Check whether a website is secure by confirming that the URL begins with “https” and that a closed padlock icon is displayed on the browser’s status bar. To confirm the authenticity of the site, double-click on the lock icon and review the security certificate information it displays.
Also, be cautious about opening any attachment or downloading any file from e-mails that you receive. Scan files for viruses. Keep your anti-virus and anti-spam software up-to-date.
As much as possible, do not disclose personal or financial information requested through e-mail. Remember that banks and financial institutions generally don’t e-mail you for important information. Call your bank or send a letter to verify whether such a request is real.
Now, if you think you have given out information to a phisher, report the incident immediately to the company that was spoofed. Contact the bank, credit card company or lending institution for which you disclosed personal information.
Routinely review bank and credit card statements for unexplained charges you did not initiate.
Change the passwords and PINs for all your online accounts that you think may have been compromised. If possible, close those accounts.
Phishing is not restricted to e-mail. Scammers are becoming more artistic and seek out victims through cell phone or SMS, chat rooms, fake banner ads, message boards and mailing lists, fake job search sites and job offers, and fake browser toolbars. It’s up to us now to decode the unseen. Protect our hard-earned money. Don’t get hooked by phishing!