Common Questions about Phishing Attacks
Today phishing attacks are more common than ever, but because of sophisticated techniques,
they’re harder and harder to spot. A lot of our readers have sent us questions about how to
recognize them and not fall into the trap of phishers. Realizing that there are a lot of
people out there who may also want this information, we decided to publish all of our answers.
We hope this helps better protect your privacy and identity!
Question:
I regularly receive email from banks and other online companies. How can I tell which emails are legitimate
and which are fraudulent?
Answer:
The biggest giveaway as to whether an email is legitimate or fraudulent is whether or not you have an
account with the company that appears to be sending the email. Oftentimes fraudulent emails are mass-mailed
to every email address the "phisher" can get their hands on. This means that you may frequently receive emails
from banks and companies that you have never heard of, let alone done any business with.
However, there are several companies that a large number of people use, which makes them very tempting
targets for scammers. eBay, PayPal and Amazon are three of the most common targets. Even if you have
an account with a company that you receive an email from, do not assume that it is legitimate! There are
several steps you can take to verify the authenticity of an email.
1) Never follow a link that asks you to enter personal information.
If you must enter information (such as login or other account information) always go to the correct
website manually before entering it.
Oftentimes links in an email might appear legitimate, but they are disguised to take you to a completely
different website. Worse yet, these websites are often exact copies of the website you thought you were
going to, so it's almost impossible to tell if it's legitimate! And all the while, phishers are behind the
scenes, just waiting for you to enter your credit card details.
2) Make sure that the email is addressed specifically to you.
Oftentimes, because fraudulent emails are sent out in bulk, they are addressed to generic terms such as
"customer" or "client". Legitimate emails usually refer to you by name, or at least the user name you
provided when you signed up. Also, most legitimate emails will reference personal information
that you have provided the company with.
3) Beware of overly vague and awkward language.
Oftentimes fraudulent emails will reference vague problems dealing with "technical upgrades" or
"account problems" without giving any specific information. Also, poor grammar and awkward language
can be a dead giveaway.
4) Skepticism is your friend.
It may be a cliché, but it is still better to be safe than sorry. If you have any doubts about
the legitimacy of an email (and you should if it is unsolicited), then do not click on any links
contained in the email and do not follow any instructions it provides without first checking with the
company that is supposedly sending the email. Most companies have toll free telephone numbers and
customer support email addresses for you to contact them with concerns such as this, so do not be afraid to use them.
So unless you are completely sure of the authenticity of an email, do not click on any links or follow any
instructions, and under no circumstances open any file attachments.
Question:
I know to watch out for and delete fraudulent email, but is there anything else I can do about it?
Answer:
Fighting back against fraudulent email is difficult because most of the time the perpetrators take great
pains to mask their identity. However, there are still several steps you can take.
1) Do not click on any of the links, open any attached files or follow any instructions contained in the email.
The biggest reason that so many of these emails get sent out is because they work.
If people stop responding to them, these fraudulent emails will no longer be valuable to
phishers and hopefully they will stop sending them.
2) Report the email to the company that it appears to be coming from.
The three biggest targets for fraud (Amazon, eBay and PayPal) all have email addresses
set up specifically for reporting fraud. Simply forward the fraudulent email to report the incident.
For Amazon the email address is: stop-spoofing@amazon.com
For eBay the email address is: spoof@ebay.com
For PayPal the email address is: spoof@paypal.com
Most large companies have similar email addresses (usually a variation of spam@company.com,
abuse@company.com, fraud@company.com or spoof@company.com). If you are unable to find an email address,
chances are you can find a toll free number and talk to someone directly.
3) Report the email to a third party monitoring group.
There are several watchdog groups who keep records of fraudulent email in an effort to fight it.
You can forward email to two of the largest private groups at
reportphishing@antiphishing.org and
report@reportphish.org.
Also, the US Government has an email address you can use as well: spam@uce.gov.
Question:
What types of companies are the most susceptible to email fraud?
Answer:
Banks, especially those with a large online presence, are one of the biggest targets.
Also, large online merchants and other sites dealing with transferring money are frequently
used as targets of fraudulent emails.
Question:
What are some of the consequences of being a victim of email fraud?
Answer:
The biggest consequence is identity theft. This is when someone unlawfully
uses YOUR personal information to apply for credit in YOUR name. If successful,
the identity thief is able to obtain credit cards in your name, open bank accounts,
take out loans and more. Because you don’t know about these accounts, the identity thief can run up
huge bills and fail to make payments. This type of reckless behavior can ruin your credit rating
and possibly leave you liable for any damages they incur and money they spend. And worse yet, because
the bills are not coming to you, it can take months or even years before you even find out about it!
Question:
What are some preventative measures that I can take?
Answer:
In addition to maintaining a healthy skepticism about any unsolicited email you receive,
installing programs such as spam filters, virus scan, privacy software, a secure browser and
personal firewall software can help to protect you from phishers
(as well as anyone else trying to gain access to information on your computer).
You should also closely monitor any accounts you have online for suspicious activity.
By reviewing these accounts on a regular basis you can catch any possible fraudulent activity
and take action before it becomes a much larger problem.
You can also regularly review your credit report online at https://www.annualcreditreport.com/cra/index.jsp.
Question:
What can I do if I have already responded to a fraudulent email?
Answer:
If you have potentially given personal information to a phisher then you need to take immediate action.
Contact the company that the information was for as soon as possible.
If possible, cancel or freeze any accounts that you have with them and check to ensure that there
has not been any illicit activity.
As mentioned above you can check your credit report online at
https://www.annualcreditreport.com/cra/index.jsp
to check for any suspicious activity that would be indicative of identity theft.
You should also contact the FTC (Federal Trade Commission, http://www.ftc.gov) to file a complaint.
The FTC can also be reached by telephone at 1-877-FTC-HELP. If you suspect that you have been the
victim of identity theft you should also visit the FTC’s website dealing with identity theft which
is online at http://www.consumer.gov/idtheft/.
How do you protect yourself from a Phishing scam?
First, it is important to understand that legitimate businesses should never ask for
your personal information through an email. But since not all legitimate businesses follow
this protocol, you should have some extra protection to know the difference between an
honest email and a hoax.
With Secure IE Browser Security you can rest assured that no phisher will be able to
fool you.
Secure IE's Security Manager allows you to corral your favorite sites (like your bank,
eBay, etc.) into security zones that you can see at the bottom of your browser
window. Think of security zones like you would a traffic light. Green means "Go",
Yellow means "Caution" and Red means "Stop". If you click on a link in an email and it
sends you to what you think is your bank's website, simply check the security zone at the
bottom of the page.
Since you trust your bank, let's say you have categorized it as:

However, the link you clicked on takes you to a page that looks like either of these:


Since the security zone is different, this immediately warns you that you are in
dangerous waters and it is likely the site is an imposter.
Phishing is just one of the ways that a hacker can attack your computer.
Here's how Secure IE's multifaceted security protects your computer:
- Stops Spyware at the point of entry by restricting ActiveX to a
"safelist" of authorized software
- Blocks popups that are often used by hackers as a gateway to installing
programs you don't want on your system.
- Features an automatic security tune-up that scans your PC, detects and
corrects current browser security problems.