Everyone who has ever been online should, hopefully, know that the internet is packed full of threats, both real and virtual in nature. One of the more common of those threats is phishing, which is, technically, theft via email.
If your email inbox is anything like mine then you probably receive several of these phishing emails each and every day. Experienced people will see them for what they are but the young, the old and those who are new to the internet may well fall prey to phishing emails which appear to be from legitimate businesses and organisations.
Typically, phishing emails are designed to appear as though they have been sent out from companies such as eBay and PayPal or from banks or, in other words, any organisation with which you may have an account that has money in it. Content-wise, phishing emails will usually tell the recipient that there is some reason why they need to update their personal details, such as for a ‘security upgrade’. Of course the scammer then thoughtfully provides a link in the email to aid the recipient, and that link will take them to what appears to be a genuine-looking website for whichever company is being used in the phishing scam. When the victim updates his or her personal information on that site they will, in fact, have handed all those details to the phisher.
Phishing scams, much like identity theft, are on the increase, mainly because they have proven to be so successful for those behind them. There are thousands of cases of people giving up valuable information, such as passwords, credit card numbers, bank account numbers, PIN numbers and social security numbers, to the people who have sent them phishing emails.
‘NO AUTOMATED DEFENCE’
For most areas of internet security I would advocate installing anti-virus software and a firewall. Where phishing emails are concerned, however, neither of those will offer any level of protection as there is no malicious or suspect code contained within them. Likewise, phishing emails are unlikely to be blocked by spam filters as they have, by design, been made to appear as though they came from a legitimate source.
Those reasons are exactly why hackers and scam artists are increasingly resorting to phishing attempts.
As mentioned earlier, the scam artists behind phishing emails are smart and know how to create emails and websites that look official and appear to come from well-known companies or organisations.
Some of the companies used in phishing emails are –
- Barclays Bank
- America Online
- Sony Ericsson
- Bank of America
- Wells Fargo Bank
- Chase Bank
- Best Buy
Of course that list above is far from exhaustive and just about any institution, financial or otherwise, could be used by these scammers. The fact that those names are so well-known is why they are used by phishers, who are capable of reproducing websites that appear to be identical to the originals in every detail.
The only difference between the spoof websites and the real ones is the URL, though the phishers will have done their best to hide that fact by, for instance, using subdomains (e.g. paypal.theirdomain.com) or by using numbers that look similar to letters (e.g. paypa1.com).
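The two URL tricks described above, written out as the comparison you would otherwise make by eye. This is an added example, not part of the original article; the TRUSTED list, the function names and the sample links are constructed for illustration, and the domain extraction assumes simple two-label domains (no suffixes such as .co.uk).

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the reader really holds accounts with.
TRUSTED = {"paypal.com", "ebay.com"}
# Digits that phishers swap in for similar-looking letters.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def registrable(host):
    """Last two labels of the host name (assumption: no multi-part suffixes)."""
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return 'trusted', 'lookalike-digits', 'brand-in-subdomain' or 'unknown'."""
    if "//" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less links
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    # Trick 1: numbers that look like letters, e.g. paypa1.com
    if domain.translate(LOOKALIKES) in TRUSTED:
        return "lookalike-digits"
    # Trick 2: a trusted name used as a subdomain, e.g. paypal.theirdomain.com
    brands = {d.split(".")[0] for d in TRUSTED}
    subdomains = host.split(".")[:-2]
    if any(label.translate(LOOKALIKES) in brands for label in subdomains):
        return "brand-in-subdomain"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    samples = [
        "https://www.paypal.com/signin",
        "http://paypal.theirdomain.com/update",
        "http://paypa1.com/login",
        "https://example.org/news",
    ]
    for link in samples:
        print(f"{classify(link):20} {link}")
```

Only the "trusted" result means the link points at a domain on the list; "unknown" says nothing about whether a site is safe.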
HOW TO AVOID PHISHING SCAMS
As mentioned earlier, there is no software-based means of avoiding phishing scams. Therefore, common sense is your best defence – always exercise caution when replying to any email that requests personal information or passwords for online sites that you use. Also, never click on links found in such emails – even if you believe the content of the message is genuine you should type the company's web address into your browser directly to ensure that you are visiting the correct site.
Here are a few more tips for avoiding phishing scams –
- If you believe an emailed request for information is genuine then call the company to confirm before entering data on a website
- If you need to enter sensitive information on a website then look for a padlock in your browser’s status bar to signify that you are on a secure site
- If you believe that you have fallen victim to a phishing scam then contact the bank, credit card company, etc, immediately so that they can freeze your accounts
Have you got any further tips on avoiding phishing scams?