Online Threats - Phishing
What is phishing?
Phishing is a form of "social engineering" in which a cybercrook uses social skills to obtain or compromise personal information. Phishing attacks are delivered through email, pop-up messages or malicious web sites to trick the recipient into revealing personal information, often financial.
Where does phishing come from?
Phishing is delivered by Internet fraudsters through email or pop-up messages, often by forging the identity of well-known financial institutions. Examples of phishing (also known as brand spoofing or carding) include email that seemingly originates from a business or organization that you deal with; a reputable credit card company, bank, government agency or online payment service like PayPal. The polite crooks request updates, validation or confirmation of account information, often suggesting that there is a problem. The user is redirected to a fake site and tricked into entering their user account information, which is saved and used for unlawful purposes. Targeted groups have typically been people in the corporate world and against banking customers, but increasingly, phishing attacks are reaching students and retired people.
How does phishing affect my computer?
Besides the risks of spam, phishing doesn't necessarily harm your computer, but it can do a lot of damage if it results in identity theft. Once you have been tricked into revealing your personal information, the crooks fake your identity and run up bills or commit crimes in your name.
How do I protect myself from phishing?
- Have good email habits—do not respond to the links in an unsolicited email, instant message or chat
- Do not open attachments from unsolicited email
- Protect your passwords and don't reveal them to anyone
- Do not give sensitive information to anyone—on the phone, in person or through email—unless you are sure that they are who they claim to be and that they should have access to the information
- Check a website's security before sending sensitive information over the Internet
- Look at the site's URL. In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
- Install and maintain anti-virus software, firewalls, and email filters to reduce spam
- Keep your browser up-to-date and apply security patches
- Consult the WOT scorecard to find out if the site has appeared on phishing blacklists
If you believe you have compromised sensitive information about your accounts or organization, contact your financial institution, credit card company or appropriate authorities. Contact credit bureaus and issue a fraud alert. Phishing cases should be handled seriously and reported to local police. You can also file a report with the Anti-Phishing Working Group (APWG).