Avoid Falling Victim to Online “Phishing” Scams
As you open your e-mail inbox, your attention is drawn to an e-mail that purports to be from your bank. Upon opening the e-mail with curiosity, you read:
“Dear Valued Banking Customer:
It has come to our attention that your account information needs to be confirmed due to inactive customers, fraud, and spoof reports. If you could please take 5-10 minutes out of your online experience you will not run into any future problems with the online service. However, failure to confirm your records may result in your account suspension…”
Inactive customers? Future problems? Account suspension? Your initial concern is intensified after you read these warnings from your bank. You may be tempted to “click here to provide account information,” as the e-mail eventually prompts, to ensure that your account remains safe. But don’t! Take the bait and you could be hooked by a phishing scam like this one.
In a world that is becoming more technical all the time, phishing has become more than a spelling error. Phishing is a form of online fraud used by scammers to gain personal information through illegitimate but convincing e-mails and web sites. Rather than using worms as bait to make a catch, individuals who employ phishing tactics make seemingly realistic and threatening claims to gain access to your personal information such as social security numbers, personal passwords, bank account numbers, and other confidential information. If people are tricked into entering guarded information at a fraudulent web site, they can become the victims of identity theft.
According to the Anti-Phishing Working Group (APWG), a non-profit organization dedicated to eliminating online scams and fraud, 13,562 reports of phishing were made in September 2005 alone. A total of 5,242 new phony web sites were discovered and reported.
Although cases of phishing are becoming increasingly common, there are things you can do to avoid falling for these scams, hook, line, and sinker:
- Be conscious of the message’s greeting. If the e-mail contains a generic salutation but asks for personal information, this may be a hint that it is a phishing message. For example, if the e-mail begins, “Dear Valued Customer” rather than “Dear Your Name,” be cautious. Unlike spam that is often very obvious, phishing efforts can look legitimate. Look at this example of a phishing e-mail.
- Watch for misspelled words or grammar mistakes within the text of messages or on web sites. If a seemingly formal message has typos or spelling errors, it is unlikely that it originated from a legitimate, professional source.
- Pay attention to the URL or web address as phishing web sites often contain spelling errors or have strange looking sub-domains. For example, your bank’s correct URL may be http://www.youractualbank.com/, but a phishing site trying to get you to think you’re visiting your bank’s site may direct you to http://www.updateinformation.com/youractualbank—a fraudulent site.
- Check out a web site’s Privacy Policy before entering personal information anywhere on the Internet. Your private data may be sold to other organizations unless otherwise specified. By finding out how your information will be used, you may be able to avoid having your name given to another source, which in turn could send you spam or phishing e-mails.
Tips like these can be used as a starting point for avoiding potential scams, but the best defense against phishing is responsiveness. If you are feeling skeptical about an e-mail, call the organization that is supposedly behind it to verify the validity of the message. Remember that you should never be asked to give personal information in an e-mail.
If you do find a phishing scam, report it by using one of these web sites. Catch them before they catch you!
