How To Protect Yourself From Phishing, The Most Dangerous Kind Of Spam
By: Donald Nelson
Spam is one of the curses of the Internet age. But if the clogging of mail boxes with useless emails was bad enough, unsolicited emails aimed at tricking you into giving your valuable passwords, banking and PIN numbers is the most dangerous variety of email that you will ever encounter. This kind of email is known as "phishing" because the unscrupulous authors of these messages are fishing for valuable information which they can use to capture your online identity.
If you think that you won't be fooled by such tricks, think again. Phishers commonly send emails which look like they come from respected financial institutions, such as PayPal, Visa, Ebay, America Online. The messages spoof the email address of the institutions and the letters have the proper logos and everything. They look real. The subject message usually has a dire warning: "Your Pay Pal Account (or Ebay, or online bank account) has been suspended." "Warning: Confirm Your Online Banking Account." These messages look so real, that 5% of recipients respond to them
Naturally if you have a good amount of money in your PayPal or online banking account, you are going to panic when you receive email like this. The first thing to do is to stay calm. Remember, responsible institutions will never suddenly suspend your account or ask you to give personal information in an insecure manner.
Usually the phishing emails will ask you to enter new information for your account and they will give you urls, asking you to click through and log into your account. The urls in the email will look like the log-in addresses for these institutions, but if you put your mouse over them you will see that the actual web address is different.
If you get any email of this type the second rule is never, never click through and try to log in. If you log in with your user name and password, then phishers have captured your password. If you go on to fill out other information such as: bank account numbers, social security number, mother's maiden name or driver's license number then the fraudsters will really have you.
If you are worried about your online account and want to see if it is OK. Then go to the home page of PayPal, Ebay or your bank, and log into your account in the customary way using the usual url, such as https://www.paypal.com/ rather than with the url in the suspect email. When you get into your account you will probably see that everything is normal. If your institution indeed has a message for you, you will find it in that safe environment without compromising your security. If you are still in doubt, call up your institution using their toll free customer service numbers.
PayPal also has a security section where they tell you what to look for in fraudulent emails. For example, whenever PayPal sends you an email it will always start off with "Dear Donald Nelson," in my case, or whatever name you used when you signed up. They will not say "Dear Valued Paypal customer." So log into the proper areas of your institution and learn as much as you can about security procedures.
The third thing to do is to report suspicious email . We have to put these crooks out of business, and that can only happen if we report fraud whenever we see it. You can get quick service from PayPal by forwarding email of this type to firstname.lastname@example.org. Usually within an hour you will get a reply telling you whether the email comes from PayPal or not. For other instances of Phishing, you can report them to the Anti Phishing Working Group at http://www.antiphishing.org/. This website, staffed by volunteers, has up to date information about the latest scams and is doing its best to make the Internet safer for us.
Finally, if you have given any information to fraudulent websites, move swiftly to protect yourself.
Notify your bank, change your passwords for online accounts, and watch your online accounts for any signs of unusual activity. A good guide with useful and detailed information on what to do if you have given out valuable information can be found at http://www.antiphishing.org/consumer_recs2.html.
So, enjoy the Internet but take precautions and protect yourself from any devious phishing message which may land in your mail box.
Donald Nelson is a web developer, editor and social worker. He has been working on the Internet since 1995 and is currently the director of A1-Optimization a firm providing affordable search engine optimization and other website promotion services.