Phishing Scams, A Growing Identity Theft Menace
There is no doubt that identity theft is a growing problem and we should all try to educate ourselves to avoid being a victim of this often devastating crime. It seems that criminals are using increasingly ingenious methods to gain access to our private and valuable personal information and computer users must be aware of criminal information gathering techniques known as phishing. You may have heard about phishing scams in the news recently because so many have fallen prey to this clever methodology employed by tech savvy criminals. We are all busy in todays fast paced world and it's hard to keep up with every new threat and development so the purpose of this article is to describe what phishing is, and how you can avoid being a victim. Phishing attacks employ social engineering and technical subterfuge in the attempt to obtain an individual's personal identity data and financial account information. Social-engineering schemes use fraudulent e-mails which attempt to direct consumers to counterfeit websites, often perfectly replicating legitimate business sites to trick recipients into releasing financial data such as credit card numbers, account passwords, user names and social security numbers. Hijacking brand names of banks, online retailers and credit card companies, phishers regularly obtain this private data. Technical subterfuge schemes usually plant spyware and crimeware onto user computers to access personal data directly, most often utlizing Trojan keylogger spyware. What can we do to avoid such clever deceptions? First of all just knowing that the threat exists is very important and many victims report that they had never heard of phishing before becoming a victims. In addition there are several practical precautions we can all take to minimize our exposure to risk.
1. Be wary of any email containing urgent requests for financial information suggesting your immediate response is required, statements designed to upset and excite the respondent are often included to elicit a quick reply. These emails often demand user names and passwords as well as SSN's. Legitimate businesses never ask for confidential data via email and none of this information should ever be sent by email as security is severely compromised.
2. If you question the authenticity of an email don't use the links embedded in the email to access the company webpage, instead type the URL of the company in your browser to insure you are looking at the legitimate website. You can also phone the company to insure an email request is authentic and companies today are aware of phishing threats and will generally appreciate being informed of a potential problem.
3. Financial information should only be communicated through a secure website or by telephone and never by an email request. Secure websites always have the https:// preceding the web address rather than just http:// in the browser address window.
4. Check your online accounts on a regular basis even if you have no transactions, dormant and little used accounts are common targets for online predators. Carefully review your credit card statements for unauthorized transactions and make sure your shred them if not retained for your records.
5. Make sure your browser is updated regularly with the latest security patches and you should also have an anti-spyware program installed and running at all times. Take these necessary precautions to avoid your exposure to the identity theft problem known as phishing.
Zone Labs Articles
Zone Labs Books