Phishing Attacks Avoiding with Common Sense and Free Credit Disclosure
by Jan Hertsens
What is Phishing?
Phishing attackers use "spoofed" e-mails and fake websites to fool recipients into giving up personal financial data such as credit card numbers, account usernames and passwords, social security numbers, or other vital personal information. The attackers use well known names of banks, online stores and major credit card companies in order to gain the confidence of consumers who are not educated about spoofing attacks. These criminals may send out millions of these e-mails a day knowing that it only takes a very small percentage of people to fall into their trap to make their crime pay.
How to Protect Against Phishing.
Log Directly Into the Service: If you receive a link from a financial institution or a processor like PayPal type the website directly into your address bar. For example for PayPal you would use https://www.paypal.com/ instead of clicking on the link in the e-mail. However this is not absolute protection because some phishers and spyware writers are modifying the HOSTS file on your PC. The best precaution is to call the company on the telephone to verify this e-mail.
Beware Generic Greetings: Emails from a bank or online retailer should be able to address you by your first and last name since you are an account holder. Phishing emails frequently use "Dear User" or "Dear Member".
Don't Open Email Attachments: No reputable financial institution will ever send an email asking you to download an attachment or a software program (unless you specifically request it). The attachments contained in phishing emails usually contain viruses that may harm your computer or attempt to compromise your account through spyware. Be aware that many spyware programs can be installed via e-mail and once on your system the spyware will make it completely open to attackers who are able to intercept not only your surfing history but keystrokes. This includes passwords to financial institutions and online banking sites.
Be Skeptical of Personal Information Requests: While it is possible for your banking institution to ask for this information it is never advisable to send it via e-mail or to answer such a request via e-mail. A sure fire tip that criminals are phishing is the request for details such as your full name, account password, credit card number, bank account, PIN number, Social Security Number, or even your mother's maiden name. These are major red flags that the e-mail is not genuine and is only designed to extract information from the target.
Avoid E-mail Forms: Some phishing attacks will come in the form of Rich HTML that usually has a form where you can input the information directly into the e-mail. Never do this. Always surf directly to the site by manually entering in the web address.
Keep Tabs on Your Accounts: It is also wise to regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. The longer you go without checking the more damage a thief can do. You may also want to look at credit and bank monitoring services that will watch this activity for you. If anything is suspicious, contact your bank and all card issuers immediately to double check the transactions. Also keep in mind you can request, once a year if you are a U.S. resident, a free credit disclosure!
What it is and How To Get It: A credit file disclosure provides you with all of the information in your credit file maintained by a consumer reporting company that could be provided by the consumer reporting company in a consumer report about you to a third party, such as a lender. A credit file disclosure also includes a record of everyone who has received a consumer report about you from the consumer reporting company within a certain period of time ("inquiries"). The credit file disclosure includes certain information that is not included in a consumer report about you to a third party, such as the inquiries of companies for pre-approved offers of credit or insurance and account reviews, and any medical account information which is suppressed for third party users of consumer reports. You are entitled to receive a disclosure copy of your credit file from a consumer reporting company under Federal law and the laws of various states. Get it here- http://www.annualcreditreport.com
Take Action Against Phishers
If you do receive an e-mail you suspect is ?spoofed? or a phishing attack take action to warn others. When forwarding the e-mail ensure all the header information is sent to the parties below as this will assist them in tracking down and prosecuting the criminals.
1) Forward the email to the Federal Trade Commission at spam@uce.gov
2) Forward the email to the "abuse" email address at the company that is being spoofed (e.g. spoof@ebay.com or spoof@paypal.com)
3) Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website.
4) Report the e-mail to FRIED PHISH an all volunteer movement at CastleCops. This information is sent out to securtity companies world-wide.
This article is copyright 2005 by XBlock.com.
It may not be reprinted or copied without the express written consent of the author.
Related Articles
Read other articles (back to full list)
|