Published on Brock University (http://brocku.ca)
What is phishing?
Phishing is an online version of identity theft. It is a method of fraudulently obtaining personal information, such as passwords, social security numbers, and credit card details, by sending spoofed emails that look like they come from trusted sources, such as banks or legitimate companies.
Typically, phishing e-mails ask recipients to click on the link in the email to verify or update contact details or credit card information. Like spam, phishing e-mails are sent to a large number of email addresses, with the expectation that someone will read the spam and disclose their personal information.
What are phishing tricks?
When they set up a fake web site, phishers attract users through spam or targeted e-mails, hoping to get lucky and find real customers of the hijacked bank, e-retailer, or credit card company. The e-mails can be extremely convincing, such as a message from an online shopping site saying that your credit card has been declined, or from Citibank saying that they have detected unauthorized activity on your account. The messages frequently feature logos, coloring schemes, and company mottos that seem legitimate.
What is phishing protection?
Phishing protection refers to software solutions that help keep you and your family or business safe from dangerous web site spoofs by flagging them before you release all your private data.
The best protection from phishing is education. The more a consumer knows about the tricks and tactics of phishers and cybercriminals, the less naïve and vulnerable they will be to fake emails and websites.
How to spot phishing scams
It is easy to uncover a crude phishing scam. For example, if you get an e-mail from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information. Now, if you actually have an account at the institution, it gets more interesting.
You’ll want to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.
The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will e-mail you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that “We will never ask you for your personal information via phone or email”.
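A mail filter can apply some of these checks automatically. The Python sketch below is an added example, not part of the original page, and goes slightly beyond the text by comparing each link's real destination with the text shown and with the sender's domain. The keyword list, indicator names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed keyword list, then a constructed sample message (reserved test domains).
SENSITIVE = re.compile(r"password|credit card|social security|verify your|update your", re.I)
SAMPLE = ('From: "Example Bank" <alerts@examplebank.test>\nContent-Type: text/html\n\n'
          '<p>Verify your password at <a href="http://login.example.net/verify">www.examplebank.test</a></p>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased host of a URL or bare domain, "" if none
    try:
        return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def phishing_indicators(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    collector = LinkCollector()
    collector.feed(body)
    found = {"asks-for-sensitive-data"} if SENSITIVE.search(body) else set()
    for href, text in collector.links:
        target = host_of(href)
        shown = host_of(text) if re.fullmatch(r"\S+\.\S+", text) else ""
        if shown and shown.removeprefix("www.") != target.removeprefix("www."):
            found.add("link-text-hides-destination")  # text names another host
        if target and sender and not (target == sender or target.endswith("." + sender)):
            found.add("link-leaves-sender-domain")  # link goes outside the From: domain
    return sorted(found)
```

Calling `phishing_indicators(SAMPLE)` reports all three indicators for the constructed message. A match is a reason to look more closely, not proof of fraud, since legitimate mail often links to third-party hosts.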
Test your knowledge
Below is a link to a Phishing IQ Test, which lets users see whether they can tell which e-mails in a given list are phishing e-mails and which are legitimate. There is no registration required to take the quiz. After the quiz, don't forget to see why certain e-mails are phishing e-mails and why certain ones are legitimate by clicking on the 'Why?' links once you are shown your results.
Safe E-mail Tips
Never send your username/login and password in an e-mail message.
Beware when replying to unsolicited messages. Replying to these messages or going through the process of unsubscribing from lists merely confirms to the sender that they have discovered an active e-mail address. Ignore and delete these messages. Only unsubscribe from lists you have knowingly subscribed to or trust.
Beware of links in e-mail messages. Although some may take you to reputable content, others can lead to infected websites or phishing scams asking for your username/login and password.
Beware of any e-mail messages or attachments you are not expecting, even from friends, family, and colleagues. Some viruses can take over e-mail programs and impersonate people you know.
Don't run any executables (programs) received in e-mail. It is not the best way to transmit programs anyway. If you are transferring programs you should "zip" the files before sending.
Turn off the preview pane in your e-mail program (Outlook, Eudora, etc.). Some viruses can be accidentally initiated by just previewing the message in some older e-mail programs.
Turn off scripting and auto-launch features. Any features that run programs, macros, or scripts within e-mail messages are capable of launching viruses.
If you receive a message from anybody and are told to delete a file on your computer, DO NOT DELETE IT. Chances are it is a hoax. Check with your antivirus support person or visit a reputable antivirus website and see what they recommend.
Use discretion when forwarding e-mails. Not everyone appreciates receiving chain e-mails. Make sure the people you are sending them to don't mind this type of e-mail. If you receive a virus alert, although you may think you are doing your friends a favour by warning them, you could be feeding hysteria.