What is Phishing?
Phishing is a type of online fraud
in which a scam artist uses an e-mail or website to illicitly obtain
confidential information. Phishing scams
frequently involve a copycat website designed to mimic that of a reputable
company, often a bank or other financial institution, asking users to transmit sensitive
data.
|
|
How to Identify a
Phishing Scam
|
- Phishing
scams are often effective because scam artists are skilled in replicating
websites and can make it difficult to differentiate from the original
website. This can be achieved by
directly copying an existing website, and even linking to graphics stored
on the real company's servers.
However, keeping a few things in mind can help you determine whether
your information is being kept safe.
- If you
received an e-mail reporting a problem with your account, first check the
address from which the e-mail was sent.
If the address does not match the company's website, it is
fraudulent.
- Advanced
scam artists can make their e-mails appear as though they are from a
legitimate company. If this is the
case, make sure any links or URLs point directly to the real website. Many phishing scams will employ a
different domain - e.g. www.ebay.net (note the .net domain) or
www.eebay.com (note the double E) instead of www.ebay.com, the real
website.
- Legitimate
companies do not ask for more information than they need, so be wary of
any website asking you to reveal your Social Security number, bank account
number, or other private information you do not ordinarily share.
- Never
send personal information via e-mail.
A legitimate website will have a secure, encrypted form. An easy way to tell whether a website
is secure is to look at the HTTP in the address bar. Secured sites will read https instead of
http. For instance, the sign in
page for eBay is https://signin.ebay.com, which tells you that your data
is protected.
- If you
are still unsure, try to contact the company directly by returning to the
main page. Do not use the contact
information from the e-mail or the website linked in the e-mail, as these
may be spurious. Do not send
private or financial information.
- The
Anti-Phishing Working Group maintains a list of known phishing
attacks. Their website can be found
at http://www.antiphishing.org/phishing_archive.html.
- Most current
anti-virus and firewall programs will help keep you safe from some
attacks, but these should not be relied on as a primary measure. Additionally, some browsers will warn
you if you are being redirected to a potentially malicious website.
|
|
What to Do if You Have Been the Victim of a Phishing
Attack
|
- If you
think you have transmitted private information to a malicious website,
immediately notify the appropriate contacts within the legitimate
organization. They will help you
recover data if possible, and will watch for any suspicious activity. The network administrator can also take
steps to prevent a similar attack in the future.
- If you
may have revealed compromising financial information, contact the
institution responsible for your account and tell them what data may have
been compromised. Close any
accounts that may be attacked, and watch for unusual activity, including
unusual charges.
- You
may also consider filing a report with the police and reporting the attack
with the Federal Trade Commission, whose website can be found at http://www.ftc.gov.
|
|
|
|
|
| About CyberAngels |
 |
As part of its mission of "keeping it safe" The Guardian Angels moved beyond the streets and
responded to citizens' calls for protection from online threats with the launch of
CyberAngels in 1995. The volunteer-based CyberAngels is one of the oldest and most
respected online safety education programs in the world. Our organization
offers articles, instruction, tips and resources via our website to promote safe Internet use
by children and families, guide parents, and assist victims of cyber crimes. |
|
|
