Gone Phishing - Keeping the Thieves Out of Your Inbox
YOUR ACCOUNT WILL BE TERMINATED IF YOU DO NOT VERIFY WITHIN TWO DAYS.
So begins just one permutation of one of the most successful phishing emails going around today. What is phishing? It is an attempt to steal personal information through the use of email and clone websites. Thatís a simple explanation, but it does require just a little unpacking.
A phishing email is designed through clever hyper text markup language ďHTMLĒ to look exactly the same as an email sent out by a reputable institution such as a bank or online company. It has an exact replica logo, an exact copy of the language used in official documents and it has a link, not to the organization named, but to a clone site designed to take your information.
As a netizen, you are only one or two careless clicks away from handing your identity over to the most unsavory characters on the web. However, with a few simple rules, you can protect yourself against this threat and come to view the emails as a simple annoyance. When you follow these rules, thatís all a phishing email is; a simple annoyance.
The rules to protect yourself against phishing.
1. Never assume an email is from the institution on the subject line.
If you receive an email from the bank saying your account has been compromised, it may be from the bank. But in many cases it isnít.
2. Go directly to the source.
The easiest solution is to close the email and go to your bankís or whatever company is sending the emailís official site. This seems unnecessary, but Iíll add it just in case Ė if you receive an email from a company with whom you do not transact, just delete it. It isnít for you.
Log in to your account on the official site and if there is an issue, you will probably be informed on your account page. If you want to take it one step toward an even safer option (though in some cases much slower), locate your bankís or the companyís customer service number and call it.
3. Donít follow the link in an email to an outside site.
These thieves are talented. They can create sites that look EXACTLY like the site they claim to be. In one case, thieves even created a page that looked as though the user was on a secure server. It was anything but secure.
Whatever you do, never follow a blind link from an email and NEVER enter your account information onto an online form from a link out of your email. Could it be legitimate? Maybe. Do you want to take the risk if it isnít?
4. Donít open attachments unless you are positive of the senderís identity.
Many fake emails come with notes such as ďmembership verification form attached.Ē In these, the victim will open his or her computer up to Trojan horses, spyware, or viruses. An attachment is like a key to your home, you shouldnít hand it over to just anyone.
5. Donít reply to emails if you donít know who wrote them.
If your bank or mortgage company really needs to contact you, theyíll send a letter to your home or call you. When you reply to bogus emails, in many cases you are putting your email address onto a master spam list. The delete key is a perfect solution to the unknown sender.
The best way to stay out of trouble online is to make sure that you stay alert and in control. Follow these five rules and you will do exactly that. Remember, it only takes one filled in web form to steal your identity.
Donít let cyber thieves throw you back into the 20th century inconveniences of shopping (It wasnít any safer thenójust ask the people who had disreputable waiters or desk clerks steal their credit card information). The web can be a safe place to do business: Follow the rules and the world is at your fingertips. Ignore them and youíre taking unnecessary risks.
Per Contra Tech - Fall 2006