Tuesday, June 17, 2008

Phishing: Examples and its prevention methods

Phishing is a method criminals use to obtain sensitive information (such as usernames or passwords). It is a form of social engineering. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. The mail appears to come from a bank or other service provider. It usually says that, because of some change in the system, users need to re-enter their usernames/passwords to confirm them. The message usually contains a link to a page that looks almost identical to the real bank's site.

Through such practices, criminals get access data for bank accounts or other platforms (such as online trading platforms). Very often the stolen data is also used for identity theft.

Above is an example of a phishing email, disguised as an official email from a (fictional) bank. The sender is attempting to trick the recipient into revealing secure information by "confirming" it at the phisher's website.

While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. Below is a list of recommendations you can use to avoid becoming a victim of these scams.

  • Be suspicious of any email with urgent requests for personal financial information
    - unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'
    - phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    - they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    - phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle
    - instead, call the company on the telephone, or log onto the website directly by typing the Web address into your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    - you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
  • Remember that not all scam sites will try to show "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different, like "http://www.gotyouscammed.com/paypal/login.htm"? Be aware of where you are going.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
  • Regularly log into your online accounts
    - don't leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
    - if anything is suspicious or you don't recognize the transaction, contact your bank and all card issuers
  • Ensure that your browser is up to date and security patches applied
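The "look at the address line" advice above can be turned into a simple check. The following is an added example written for this post (not the author's code): it flags a login URL that is not served over https, whose host is not one of the expected hostnames for the brand, or where the brand name appears only in the path or a subdomain (as in the gotyouscammed.com example). The EXPECTED_HOSTS table holds assumed values for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of the real hostnames a user expects to log in at
# (illustrative values for this example, not taken from the original post).
EXPECTED_HOSTS = {"paypal": {"www.paypal.com", "paypal.com"}}


def check_login_url(url: str, brand: str) -> list[str]:
    """Return warnings for a URL that claims to be a login page for `brand`.

    An empty list means these simple address-line checks found nothing odd.
    """
    warnings = []
    # Treat a bare "www.example.com/login" as http so it still parses.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    path = (parts.path or "").lower()

    # Rule 1: the page must be served over https (the post's lock / "https://" check).
    if parts.scheme != "https":
        warnings.append("not https")

    # Rule 2: the brand must be the *domain* you are on, not just a word in the URL.
    if host not in EXPECTED_HOSTS.get(brand, set()):
        warnings.append(f"host {host!r} is not an expected {brand} host")
        # Brand name buried in the path or in a subdomain of another domain.
        if brand in path or brand in host:
            warnings.append(
                f"{brand!r} appears in the URL but not as its domain (lookalike)"
            )
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs: the post's own scam example and a genuine-looking one.
    for sample in ("http://www.gotyouscammed.com/paypal/login.htm",
                   "https://www.paypal.com/login"):
        print(sample, "->", check_login_url(sample, "paypal") or "looks fine")
```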
