Gone Phishing - Keeping the Thieves Out of Your Inbox
YOUR ACCOUNT WILL BE TERMINATED IF YOU DO NOT VERIFY WITHIN TWO DAYS.
So begins just one permutation of one of the most successful phishing emails going around today. What is phishing? It is an attempt to steal personal information through the use of email and clone websites. That’s a simple explanation, but it does require just a little unpacking.
A phishing email is built with HyperText Markup Language (HTML) to look exactly like an email sent out by a reputable institution such as a bank or online company. It has an exact replica of the logo and an exact copy of the language used in official documents, and it has a link that leads not to the organization named but to a clone site designed to take your information.
As a netizen, you are only one or two careless clicks away from handing your identity over to the most unsavory characters on the web. However, with a few simple rules, you can protect yourself against this threat and come to view the emails as a simple annoyance. When you follow these rules, that’s all a phishing email is: a simple annoyance.
The rules to protect yourself against phishing.
1. Never assume an email is from the institution on the subject line.
If you receive an email from the bank saying your account has been compromised, it may be from the bank. But in many cases it isn’t.
2. Go directly to the source.
The easiest solution is to close the email and go to the official site of your bank or whatever company the email claims to be from. This seems unnecessary, but I’ll add it just in case – if you receive an email from a company with whom you do not transact, just delete it. It isn’t for you.
Log in to your account on the official site and if there is an issue, you will probably be informed on your account page. If you want to take it one step toward an even safer option (though in some cases much slower), locate your bank’s or the company’s customer service number and call it.
3. Don’t follow the link in an email to an outside site.
These thieves are talented. They can create sites that look EXACTLY like the site they claim to be. In one case, thieves even created a page that looked as though the user was on a secure server. It was anything but secure.
Whatever you do, never follow a blind link from an email and NEVER enter your account information into an online form reached from a link in an email. Could it be legitimate? Maybe. Do you want to take the risk if it isn’t?
4. Don’t open attachments unless you are positive of the sender’s identity.
Many fake emails come with notes such as “membership verification form attached.” By opening these attachments, the victim exposes his or her computer to Trojan horses, spyware, or viruses. An attachment is like a key to your home; you shouldn’t hand it over to just anyone.
5. Don’t reply to emails if you don’t know who wrote them.
If your bank or mortgage company really needs to contact you, they’ll send a letter to your home or call you. When you reply to bogus emails, in many cases you are putting your email address onto a master spam list. The delete key is a perfect solution to the unknown sender.
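The mismatch described above, a link that names one organization but leads to another site, can be checked mechanically. The following Python is an added example, not part of the original article; the sample message, the domain `examplebank.test`, the other hosts and the function names are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for each <a> element in the message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # urlsplit only recognises a host after "//", so add it for bare "www.x" text
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def belongs_to(host, domain):
    # Exact match or a real subdomain; "bank.test.evil.example" must not pass
    return host == domain or host.endswith("." + domain)

def check_links(html, expected_domain):
    """Return [(href, text, reasons)] for links that do not lead to expected_domain."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        if href.startswith(("mailto:", "#")):
            continue  # not a web destination
        target, reasons = host_of(href), []
        if not belongs_to(target, expected_domain):
            reasons.append("link leads to %r, not %s" % (target, expected_domain))
        shown = re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+", text)
        if shown and host_of(shown.group(0)) != target:
            reasons.append("visible text shows %r" % host_of(shown.group(0)))
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample message body; every domain and address here is made up.
SAMPLE = """<p>Dear customer, verify within two days.</p>
<a href="http://examplebank.test.login-verify.example/confirm">https://www.examplebank.test/verify</a>
<a href="https://www.examplebank.test/help">Help centre</a>
<a href="http://192.0.2.10/form">Click here</a>"""
```

Calling `check_links(SAMPLE, "examplebank.test")` reports the first and third links and leaves the genuine help link alone.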
The best way to stay out of trouble online is to make sure that you stay alert and in control. Follow these five rules and you will do exactly that. Remember, it only takes one filled-in web form to steal your identity.
Don’t let cyber thieves throw you back into the 20th-century inconveniences of shopping (it wasn’t any safer then; just ask the people who had disreputable waiters or desk clerks steal their credit card information). The web can be a safe place to do business: follow the rules and the world is at your fingertips. Ignore them and you’re taking unnecessary risks.
Per Contra Tech - Fall 2006