Internet Security

Phishing Scams

What is "Phishing"?

Phishing is the term created by Internet con artists who imitate legitimate companies in e-mails to trick people into sharing user names, passwords, account information or credit-card numbers. The term Phishing comes from the fact that these con artists are using increasingly sophisticated lures as they "fish" for users' private information. The most common trick is to copy the look and feel of a web page from a major site and use that design to set up a nearly identical page that appears to be part of the company's site.


How can I avoid Phishing scams?

There are several steps you can take to help avoid these scams:

  • If you receive an E-Mail requesting personal information, account information, or even user names and passwords, remember to use caution. If you doubt that the E-Mail is valid, contact the company in question. Most companies have a contact number, physical address, or support E-Mail address you can use if you have questions.
  • If you need to enter a credit-card number, make sure that you are using a secure server. One quick way to check this is to look at the address bar of your browser: the address should start with "https://", not just "http://". A secure page helps ensure that your personal information is not seen by an unwanted party.
  • If you need to enter personal, account, or credit-card information on a website, check the address bar of the browser. The address shown there should match the domain you wish to send this information to. For example, if you are entering information for Yahoo, the address should contain their domain "yahoo.com", not something like this: http://209.121.54.23/%tsdf%#/customer.html.
  • Contact your bank or credit card company if you think you may have replied to a phishing E-Mail with sensitive personal information.
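The two address-bar checks in the list above (the "https://" prefix and the matching domain) can also be done programmatically. The following Python sketch is an added example, not part of the original page; the function name check_address and the sample addresses other than the one quoted above are constructed for illustration. It goes slightly beyond "contains the domain" by comparing whole domain labels from the right.

```python
import ipaddress
from urllib.parse import urlsplit


def check_address(url, expected_domain):
    """Return a list of warnings for `url`; an empty list means both checks passed."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.strip().rstrip(".").lower()

    # Check 1: the address should start with "https://", not just "http://".
    if parts.scheme != "https":
        warnings.append("not https")

    # Check 2: the host must be the expected domain or a subdomain of it.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address")
    except ValueError:
        # Compare whole labels from the right, so a name that merely
        # contains the expected text somewhere does not pass.
        if host != expected and not host.endswith("." + expected):
            warnings.append("host is not under " + expected)
    return warnings


# Constructed sample addresses; the second is the one quoted in the list above.
SAMPLES = [
    "https://login.yahoo.com/account",
    "http://209.121.54.23/%tsdf%#/customer.html",
    "https://yahoo.com.example.net/customer.html",
    "http://www.yahoo.com/",
]

if __name__ == "__main__":
    for address in SAMPLES:
        problems = check_address(address, "yahoo.com")
        print(address, "->", "; ".join(problems) or "ok")
```

Passing both checks only shows that the connection is encrypted and goes to the expected domain; it does not replace contacting the company when an E-Mail looks suspicious.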


Are there any tools to help fight Phishing?

There are many tools available that make identifying and fighting Phishing easier. Some of these tools are free and some you have to buy. Most of these tools attach themselves to your browser and help tell a true site from a false one. Three of the most common free anti-phishing tools are Spoofstick, PhishNet and TrustWatch. Spoofstick is a program that attaches to your browser and shows you the actual website, not the possibly spoofed one in the address bar. PhishNet is another program that attaches to the browser. This program tells you if the site is a known valid secure site, an unknown site, or a known phishing site. This program will also store usernames and passwords for you in an encrypted file called the vault. The vault will only hand out this information with your approval, thus letting you know when a program is trying to pull your personal info. The third program, TrustWatch, also attaches to your browser and performs real-time validation of websites against its database. If the website is a valid known site, it will let you know. It will also let you know if it is a verified phishing site or an unknown one. All of these tools are available from their respective websites for free download; just click on the name of the program you are interested in above.

Microsoft has also put out a security update for Internet Explorer that will help you avoid Phishing scams. It removes a vulnerability that could allow an attacker to spoof the location of a web page in the address bar of the Internet Explorer window. It is highly recommended that you apply this patch if your computer has Internet Explorer installed (even if you do not use Internet Explorer as your primary web browser). To install this security update, please visit this Microsoft site, which also includes additional background information.

For more information on Phishing, and how to protect yourself click on the links below:
