Avoiding Phishing Scams Online

You may not have heard of phishing scams before, but I’m almost certain you have seen them in your inbox. You may even have one in there right this minute!

These scams generally appear in the form of an email and are designed to convince you to take an action that will reveal some of your private details, like bank account numbers or passwords. This type of email phishing can be very advanced and convincing too!

Generally, you will receive an email appearing to be from a large organization or company that you are familiar with, such as your bank, credit card provider or mortgage lender (recently, eBay and PayPal attacks have become more and more frequent). The email will explain that there is some sort of problem with your account (such as your password expiring or your address needing an update) and ask you to log in immediately to avoid your account being frozen for security reasons.

Be Cautious and Suspicious

Make sure you take a close look at the address bar before you log in to any of your password-protected financial accounts. Why? Because on a secure site, the “http” found at the beginning of the web address will change to “https”. Any site without the added “S” is not secure!

Individuals who attempt to log in through a link in a ‘Phishing’ email are unknowingly providing the thieves and scammers with their login details! I bet you’re saying “I wouldn’t be that dumb”, right?

When you receive an email saying someone in Nigeria wants to split $23,000,000 with you or that you are in line for a windfall inheritance from someone you never knew, it is obvious to most of us that those are scams. You may just roll your eyes as you hit the delete key. But things have changed recently. Scammers and thieves are getting smarter, more cunning and more devious. They are now finding more effective ways to steal your personal information.

Other approaches to phishing emails rely on panicking customers by sending them distressing news. For example, an email appearing to be from your bank might say something along the lines of…

“We have detected a fraudulent transaction on your account to the value of $747.08. As a result, we have frozen your card temporarily. Please log in to reactivate your account and contact us about this issue…”

You may be thinking, “How would a thief know what bank or credit companies I have an account with?” Good question. First, the majority of us will have an account with at least one of the mainstream U.S. banks or credit providers. So if a thief sends out hundreds of phony emails from “Citibank”, chances are good that several of the recipients will have some kind of account (credit card, mortgage loan, bank account) with Citibank.

Second, as three quarters of the US population have access to the Internet, it’s a good bet that we’re also using online banking. Third and finally, if they want to find out for sure who you have accounts with, they only have to check your old mail! Remember the ‘Dumpster Diving’ we talked about earlier? Exactly.

One very successful Phishing email that began to do the rounds towards the end of 2007 linked to a fraudulent PayPal replica web site that was such a perfect match to the official site, it was almost impossible to tell something was wrong until it was too late. Thankfully it was identified, tracked down and closed very quickly, but not before it had collected the private details and information from hundreds of customers.

Creators of these email messages often list a URL (website link) in the message that seems valid. But when victims click on the link, it actually takes them to a different site – the imposter site. These fake sites are even built to look identical to the real sites!! Worrying, huh?

How To Protect Yourself?

The best strategy to protect yourself from these types of attacks is a multi-pronged approach. First and foremost you need to take a look at your email service provider and check what protective measures they have integrated into their system. Most primary email providers have some advanced protection from viruses and phishing attacks.

If you do not have adequate protection from your email provider, Mozilla has developed an email application called Thunderbird. It protects you from email scams by warning you when a message is a potential phishing attempt. Additionally, it lets you know if you click on a link that appears to be taking you to a different web site than the one the URL shown in the message indicated. Did I mention it is free?

Second, take a look at your browser and check what protective measures have been built into the software. Certain internet browsers are able to alert users to fraudulent websites. Mozilla Firefox 2.0 uses Google anti-phishing software to alert you if it appears that a web page is attempting to trick you into disclosing your personal or financial information.

The latest versions of Internet Explorer and Opera also include phishing filters. Both the Firefox browser and the Thunderbird email application from Mozilla are absolutely free! Just go to Mozilla for details.

Personally I would recommend using a browser that utilizes phishing filters and switching to an email service provider that has adequate protection from spam and phishing emails. But don’t think any email provider will be able to shield you completely. As we talked about earlier, the world of Identity Theft is constantly evolving.

Another Useful Strategy

Another way to defend yourself against these attacks is to avoid clicking links in an email message. It may be a safe link to a secure site, but is it worth the risk if it isn’t? If you receive an email that contains a website link – even if you believe it is valid – open your internet browser and type in the site’s real address by hand. This will take you to the authentic site and you will not be fraudulently redirected somewhere else. By adopting this quick tip, you can massively reduce the risk of being caught in a phishing scam!

If you do receive an email that seems suspect, make sure you report it to your email service provider. If you receive a phishing message that appears to be from a real company like your bank, eBay, PayPal, etc., report it to those companies as well. Most sites make it very easy for you to report this kind of activity.

Keep in Mind The Following…

  • Do not open an email if you don’t recognize the sender.
  • Do not click links in an email message. Always go to your browser and type in the website’s address or select the address from your bookmarks.
  • Use a browser and an email provider that have integrated phishing protection.
  • Look for ‘https’ on credit or banking sites before you log in.
  • Report suspicious emails immediately!