What is phishing?
Phishing (pronounced: fishing) is an online-fraud technique that is used by criminals to lure you into disclosing your personal information.
Unfortunately, as phishing attacks become more sophisticated, it is very difficult for the average person to tell whether an email message or website is fraudulent. That is why phishing schemes are so prevalent and successful for criminals. For example, many fake email messages and websites link to real company logos of well-known brands, giving the impression that they are legitimate.
The following are several ways criminals go “Phishing”:
1) Requests for personal information in an email message
Most legitimate businesses have a policy that they do not ask you for your personal information through email. Be very suspicious of a message that asks for personal information even if it might look legitimate.
2) Urgent wording – “Problem with your account!”
Wording in phishing email messages might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and in order to validate your account, you must click a link included in the email and complete an online form. They are trying to create a sense of urgency so that you immediately respond without thinking.
3) Attachments
Many phishing schemes ask you to open attachments, which can then infect your computer with a virus or spyware. If spyware is downloaded to your computer, it can record the keystrokes that you use to log on to your personal online accounts. Any attachment that you want to view should be saved first, and then scanned with an up-to-date antivirus program before you open it.
4) Link masks
Though the link that you are urged to click might contain all or part of a real company’s name, the link can be “masked.” This means that the link you see does not take you to that address but to a different, spoofed website. Resting the mouse pointer on the link in a message can reveal another numeric internet address (formatted like this: 199.268.5.002). This should make you suspicious.
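The link-mask check described above can also be automated. The following is an added example, not part of the original article: it compares the address a link displays with the host it really points to, and flags targets that are numeric addresses. The function names, the HTML sample and its host names are constructed for illustration, and the comparison is a simple heuristic.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(url):
    # Bare text such as "www.site.test/x" needs "//" so urlsplit sees a host.
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").removeprefix("www.")

def is_numeric_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_masked_links(html):
    """Return (href, text, reason) for each link that hides its real target."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, text = host_of(href), text.strip()
        if is_numeric_host(target):
            findings.append((href, text, "numeric-host"))
        elif target and "." in text and len(text.split()) == 1:
            shown = host_of(text)  # the visible text itself looks like an address
            if shown and target != shown and not target.endswith("." + shown):
                findings.append((href, text, "text-host-mismatch"))
    return findings

SAMPLE_HTML = (  # constructed message body; hosts are reserved example names
    '<a href="http://192.0.2.10/login">https://www.example-bank.test/login</a>'
    '<a href="https://forms.example.net/verify">www.example-bank.test</a>'
    '<a href="https://secure.example-bank.test/help">www.example-bank.test</a>'
    '<a href="https://www.example-bank.test/">Contact us</a>')
```

Calling `find_masked_links(SAMPLE_HTML)` reports the first two links and leaves the last two alone, because a subdomain of the displayed host and a link whose text is not an address are treated as consistent.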
Don’t take the bait!!!
As difficult as it can be to spot phishing emails, there are some best practices we can use to avoid becoming victims.
1) Never reply to email messages that request your personal information.
Bogus communications purporting to be from banks, credit card companies, and other financial institutions have been widely employed in phishing scams, as have emails from online auction and retail services. Carefully examine any email from your banks and other financial institutions. You should regard any email making such a request with extreme skepticism. Use the phone number from one of your statements to call the business. Do not call a number listed in the email message. Similarly, never volunteer any personal information to someone who places an unsolicited call to you.
2) Don’t click links in suspicious emails.
The link might not be trustworthy. Instead, visit websites by typing their URL or web address into your browser. Do not copy and paste links from messages into your browser.
3) Use credit cards for transactions on the Internet.
In most locales, your personal liability if someone compromises your credit card is significantly limited. By contrast, if you use direct debit from your bank account or a debit card, your personal liability frequently is the full balance of your bank account. In addition, a credit card with a small credit limit is preferable for use on the Internet because it limits the amount of money that a thief can steal in case the card is compromised.
4) When purchasing online, make sure the website uses encryption!
The web address should be preceded by https:// instead of the usual http:// in the browser’s Address bar. If it is not, STOP! Do not proceed.
5) Monitor your transactions
Review your order confirmations and credit-card and bank statements when you receive them to make sure that you are being charged only for transactions you made. Immediately report any irregularities in your accounts by dialing the number shown on your account statement. Using just one credit card for online purchases makes it easier to track your transactions.
Additional information can be found at the following links:
FTC Consumer Alert: How Not to Get Hooked by a ‘Phishing’ Scam
US-CERT Cyber Security Tip ST04-007: Reducing Spam
US-CERT Cyber Security Tip ST04-010: Using Caution with Email Attachments