Phishing: What it is and how to defend against it

Written by ryan. Published on September 22, 2010.

Q: I’ve heard the term “phishing.” What is it, exactly?
A: “Phishing” is the term given to a type of crime that involves tricking victims into revealing financial account numbers, passwords and other sensitive personal information.
The most common form of phishing occurs via e-mail. Typically, you will receive a message that claims to be from your financial institution. The message will be urgent in nature, something to the effect of, “Your debit card has been deactivated. Click here to reactivate it.”

Other versions include, “Your account has been compromised and we need you to verify your account information,” or simply, “Click here to verify your account information.” Most of the time, the message will look authentic, with correct logos and contact information for the financial institution. In every case, a link is provided for you to click on.
However, it is extremely easy to disguise a link in an e-mail message – to have it say one web address but actually direct you to a completely different site. If you click on this link, you will be taken to a login page. Again, this page might be completely authentic-looking, perhaps indistinguishable from the targeted financial institution’s real login page. If you enter your account number and password, though, you have just granted easy access to your checking or savings account. If the page further asks you to verify your name, Social Security number, address, date of birth and other details, you are putting yourself at risk of identity theft.
Q: How do you avoid becoming a victim of a phishing attack?
A: The first step is forethought – Think before you click. The crooks who run these scams harvest thousands, if not millions, of e-mail addresses at a time, and then send the exact same message to every address. Not every potential victim will have an account at that bank or credit union, but enough will to make the scheme a success. If you get a message purportedly from a financial institution, ask first whether or not you even have an account there. If you bank with XYZ and you get an e-mail from ABC, you are looking at a phishing attempt.
The second step is knowledge – Know how a real financial institution will and will not contact you. I can give you some inside information here: no credit union or bank will ever send you e-mail asking you to “verify” your personal details, or instruct you to click a link to “reactivate” a card or service. The USA Patriot Act requires that we get all of this information when you first open your account. There is no need for us to ask you to verify anything once it is up and running, because we have it already. In any case, we will never e-mail you a link to click on and log in.
The third step is inquisitiveness – If you still think an e-mail message from your financial institution might be legitimate, get out the phone book and give them a call. Do not trust any phone numbers in the e-mail, though. It is possible – though rare – for a sophisticated phishing operation to have a line set up to reassure victims that the e-mail is real.
The final step is stubbornness (or cussedness if you prefer) – Simply refuse to click any links in any e-mail message you receive. Because it is so easy to create a disguised link in an e-mail message, just figure that you cannot trust any of them. If you want to follow a link, use your mouse to highlight the text of the link, copy it, and then paste this address into a browser window. That way, if the link was disguised, at worst you will end up at the real Web site.
One last note: no matter how curious you are, do not visit phishing sites, even if you have no intention of entering personal information. These days, fake login sites often come with a malicious software component. Even if they do not glean your personal information, they may attempt to install keyloggers and other spyware onto your computer, which can open you up to identity theft.
