Written by: Frank Shiery, Consultant, CEH-Security+, IT Solutions
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
This message and others like it are examples of phishing, a method of online identity theft. Phishing is a scam where Internet fraudsters send communications to trick unsuspecting victims into revealing personal and financial information that can be used to steal one’s identity. Phishers may claim to be, but aren't really, from a business or organization that you might deal with (such as ISPs, banks, online payment services and government agencies). Phishers may also claim to be from an organization that you have never had an association with.
Phishing scam artists re-create pages using information from legitimate web sites in hopes of fooling consumers into providing their personal data. The web sites look real and the information sought seems justified. The e-mail may ask you to provide critical account information by replying or clicking on embedded web links which will take you to a site that may appear legitimate, but is actually a malicious site set up to steal your information. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Over the years, these scammers have gotten smarter and have created phishing schemes with far greater stealth. Collecting valuable user information started out with phishing tricks to get the user to type it into a phony web form or site. Now the user does not even know that malware was loaded onto their system when they visited a popular infected site, or that it has logged keystrokes and sent a file back to the “dark side.”
This article is not intended to scare you, but to make you aware of the different threats out there on the web. So how do you avoid falling victim to these phishing attacks? Simply being aware that phishing schemes may pop up at any time in your e-mail inbox or in your web browser is probably the best way.
Spotting a phishing e-mail or a bogus web site is not always easy. Sometimes, it contains obvious spelling or grammatical errors. In other cases, the errors are harder to spot and there are no visible signs of foul play.
To avoid getting hooked by such bogus e-mails, here are some tips to help safeguard your personal information:
While there are a number of measures your IT provider takes to limit the number of phishing attacks that occur, it is always wise to be cautious about any unusual messages you receive or sites you are directed to. So think before you click. The best practice for you as the user is to either immediately delete a suspicious message or report it to your IT manager or consultant.
For more information about phishing, contact your VCIO or call 215.886.7166.