Personal Information Security – Phishing

In this article…
What is phishing?
How can you spot phishing?
How can you avoid falling victim to a phishing scam?
What can you do if you have fallen victim to a phishing scam?
External Links

What is phishing?
Phishing is the term for a scheme designed to trick individuals into divulging sensitive information for malicious purposes. It is usually disguised as a legitimate enterprise asking customers to update their information, and it usually takes the form of an email with a link to a website that looks authentic. The linked website looks real but is fraudulent and set up to steal users’ information.

The first step involves getting an unsuspecting person to visit a website that is made to look like a trusted website. This is typically accomplished by sending an email that contains a link to the malicious website, while the visible text of the link contains the name of the trusted website.

If the email headers are examined closely, it becomes apparent that the email actually is not from the trusted source.

When the email recipient clicks on the link in the email, he or she is taken to a website that resembles the trusted website. But a closer look at the address bar will usually reveal a different URL or a slight variation on the spelling of the trusted site.

Now, when credit card information, authentication credentials or other personal details are entered and submitted, they are actually being submitted to the malicious website rather than to the trusted website. The phishing attack is successful at this point.

The information can be used to impersonate the legitimate user on the trusted website or just collected and sold to others.

How can you spot phishing?
Typically, email messages used in phishing scams will have phrases like:

  • “Verify your account.”
  • “If you don’t respond within 48 hours, your account will be closed.”
  • “Click the link below to gain access to your account.”

How can you avoid falling victim to a phishing scam?

  • Be wary of emails asking you to click on links to update personal information. Always type the URL in your browser or use your own bookmark to visit any website.
  • Do not email personal or financial information.
  • Regularly review bank and credit card statements for unauthorized transactions.
  • Be careful when saving or opening any email attachments, regardless of origin.

What can you do if you have fallen victim to a phishing scam?

  • Forward spam that is phishing for information to spam@uce.gov
  • Get regular credit checks. Report any abnormal activity. Visit the Federal Trade Commission website for details on ordering a free annual credit report.
  • Work with your bank or credit card issuer to obtain new credit cards.

External Links
Federal Trade Commission
[Thanks to Jennifer Miller for the updated link]