Phishing

Phishing For Your Identity – Stealing Your Money and Personal Information

This is probably the most dangerous form of attack on your computer; the one that can either leave you pennyless, or steal your identity, or both. It's usually done in a sneaky way, relying on our trust of the banks and other institutions with whom we entrust our money and personal data.

Sneak attack

Who hasn’t received an email directing them to visit a familiar website where they are being asked to update their personal information? The website needs you to verify or update your passwords, credit card numbers, social security number, or even your bank account number. You recognize the business name as one that you’ve conducted business with in the past. So, you click on the convenient "take me there" link and proceed to provide all the information they have requested. Unfortunately, you find out much later that the website is bogus. It was created with the sole intent to steal your personal information. You, my friend, have just been "phished". In essence, phishing is identity theft.

Stealing your personal information and identity

Phishing (pronounced as "fishing") is defined as the act of sending an email to a recipient falsely claiming to have an established, legitimate business. The intent of the phisher is to scam the recipient into surrendering their private information, and ultimately steal your identity. Despite you securing your computer from other more obvious attacks, phishing is a sneaky way to steal your information.

It is not that easy as you think to spot an email phishing for information. At first glance, the email may look like it is from a legitimate company. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail. The clickable link even appears to take you to the company's website, when in fact, it is a fake website built to replicate the legitimate site.

Many of these people are professional criminals, out to phish your personal information and/or gain access to your money. They have spent a lot of time in creating emails that look authentic. Users need to review all emails requesting personal information carefully. When reviewing your email remember that the "From Field" can be easily changed by the sender. While it may look like it is coming from a .com you do business with, looks can be deceiving. Also keep in mind that the phisher will go all out in trying to make their email look as legitimate as possible. They will even copy logos or images from the official site to use in their emails. Finally, they like to include a clickable link that the recipient can follow to conveniently update their information.

How to spot and avoid phishing

A great way to check the legitimacy of the link is to point at the link with your mouse. Then, look in the bottom left hand screen of your computer. The actual website address to which you are being directed will show up for you to view. It is a very quick and easy way to check if you are being directed to a legitimate site.

Finally, follow the golden rule. Never, ever, click the links within the text of the e-mail, and always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail accounts as well. If you are truly concerned that you are missing an important notice regarding one of your accounts, then type the full URL address of the website into your browser. At least then you can be confident that you are, in fact, being directed to the true and legitimate website.

During the past few years, because of the phishing problem, many banks now do not include any direct links in emails they send out to their customers. Instead, they ask their clients to login to their account by typing the bank's URL address into the browser, rather than linking from email. This approach prevents a lot of phishing problems.

Despite this changed approach, unfortunately many ill-informed people still tend to get tricked into clicking from the phisher's email and thus fall victims to phishing. Always be alert and never click on any links in any email that might take you to banking or other important sites, which might contain your personal information. Even if such emails look very genuine.

For more specific information and steps on how to protect your identity, visit the next page.

Computer Privacy articles
	Identity Protection  Fighting Spam  Encryption  Keylogger  Phishing