Phishing


Phishing is the process of attempting to acquire information such as usernames, passwords, personal and financial information by masquerading as an authentic entity in an electronic communication. Communications claiming to be from popular social web sites, financial institutions, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail, pop-up message or instant messaging and often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Examples of phishing include statements like, “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.” or “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

Some phishing emails threaten a dire consequence if you don’t respond, such as your account being suspended or cancelled. They create urgency in the reader. The messages direct you to a website that looks like a legitimate organization’s site. But don’t be fooled: it isn’t. It’s a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

NEVER EVER give your personal information out in an email, in a pop-up message or through instant messaging. Financial institutions and companies do not email anyone asking them to update their information by clicking on a supplied link. If you get an email or pop-up message that asks for personal or financial information, do not reply. Don’t click on any links in the message, either. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new browser session and type in the company’s correct web address yourself. In any case, don’t cut and paste the link from the message into your browser. Phishers can make links look like they go to one place, but actually send you to a different site.

Phishers are now able to forge BOTH the "https://" that you normally see when you're on a secure web server and a legitimate-looking address. You may see both in the link of a scam email. Make it a habit to enter the address of any banking, shopping, auction, or financial website yourself and DO NOT depend on displayed links. Phishers can now also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock was usually considered another indicator that you are on a safe site. The lock, when double-clicked, displays the security certificate for the site. If you get ANY warnings that the address of the site you have displayed does NOT match the certificate, do not continue.

Browser Status Bar

Most web browsers today will also show you the web address in the lower left corner of the browser window as you hover the mouse over a link, before you click on it. Pay close attention to the address displayed, as it only takes a simple change to send you off in the wrong direction. It could be as simple as changing .com to .org or www.paypal.com to www.paypall.com.
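
The two tricks described above, a link whose displayed address differs from its real destination and a near-miss spelling of a familiar domain, can also be checked automatically. The following is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold, the function names and the sample message are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("paypal.com", "example-bank.com")  # constructed allow-list (assumption)

def registrable(text):  # naive last-two-labels; real tools use the Public Suffix List
    host = urlparse(text if "://" in text else "//" + text).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def lookalike_of(domain):  # returns the trusted domain being imitated, or None
    if domain in TRUSTED or "." not in domain:
        return None
    name = domain.rsplit(".", 1)[0]
    for good in TRUSTED:
        # Same name under another TLD scores 1.0; a one-letter typo about 0.9.
        if SequenceMatcher(None, name, good.rsplit(".", 1)[0]).ratio() >= 0.85:
            return good
    return None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registrable(href)
        shown = registrable(text) if len(text.split()) == 1 else ""
        if "." in shown and shown != target:
            findings.append((target, "mismatch"))    # text names another site
        if lookalike_of(target):
            findings.append((target, "lookalike"))   # near-miss of a trusted name
    return findings
SAMPLE = ('<a href="http://www.paypall.com/verify">https://www.paypal.com/</a> '  # constructed
          '<a href="https://www.paypal.org/update">click here</a> '
          '<a href="https://www.paypal.com/help">www.paypal.com</a>')
```

Calling check_links(SAMPLE) flags the first two links and leaves the genuine third link alone.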

Some phishers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice over Internet Protocol (VoIP) technology, the area code you call does not reflect where the rip-off artists really are. If you need to reach an institution or business, call the number on your statements or on the back of your credit card. If you suspect a phishing attempt, notify the institution or company immediately, preferably by telephone.

As always, be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. Some phishing emails contain software, such as viruses and other malware, that can harm your computer or track your activities on the internet without your knowledge. Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. We use and recommend Avast for our anti-virus needs and Comodo as a local firewall.

Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their web sites about where to report problems. Forward the email to reportphishing@antiphishing.org.

If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft. Notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov. Victims of phishing can become victims of identity theft. While you can’t entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.