- Report suspicious e-mail. I first started receiving phishing scams that appeared to be from eBay or PayPal. I continue to receive them from PayPal. If you suspect you may have received phishing e-mail designed to steal your identity, report the e-mail to the faked or "spoofed" organization. Contact the organization directly—not through the e-mail you received—and ask for confirmation. If you think you've received a phishing e-mail message, do not respond to it.
- Do be wary of clicking on links in e-mail messages. Whenever I receive a suspicious email that wants me to update my account I hold the mouse over the links to see where they will take me. Usually they go to some obscure website located in a country outside of the United States. Links in phishing e-mail messages often take you directly to phony sites where you could unwittingly transmit personal or financial information to con artists. Avoid clicking on a link in an e-mail message unless you are sure of the destination. Even if the address bar displays the correct Web address, don't risk being fooled. There are several ways for con artists to display a fake URL in the address bar on your browser. To see an example of this, read "How can I tell if an e-mail message is fraudulent?"
- Do type addresses directly into your browser or use your personal bookmarks. When I receive a fraudulent email I usually log in to my PayPal site to check if the account is OK. If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.
- Do check the security certificate when you are entering personal or financial information into a Web site. Before you enter personal or financial information into a Web site, make sure the site is secure. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar. [Image: example of a secure site lock icon. If the lock is closed, then the site uses encryption.] The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details. It's important to note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information. Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following "Issued to" should match the name of the site. If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave. Tip: If you don't see the status bar at the bottom of your browser window, click on View at the top of the browser, and then select Status Bar to activate it.
- Don't enter personal or financial information into pop-up windows. One common phishing technique is to launch a fake pop-up window when someone clicks on a link in a phishing e-mail message. To make the pop-up window look more convincing, it may be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, you should avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking on the red X in the top right corner (a "cancel" button may not work as you'd expect).
- Do update your computer software. Making sure you have the latest virus protection from Norton or other virus protection providers is very important. Additionally, if you are running a Microsoft operating system, you can run the automatic updates to make sure you have the latest security updates.
Thursday, January 19, 2006
Phishing Scams and Identity Theft Protection
Some tips from Microsoft to prevent becoming a victim in a phishing scheme are: