Date: March 31, 2006
Subject: Protect Yourself From Phishing Scams
One of our readers has requested that we discuss phishing scams (and what can be done to protect oneself against them) in the ELM Bulletin. Since we love to make our readers happy, we will use this month's ELM Bulletin to respond to that request.
What Is Phishing? - Phishing, derived from fishing, is very much like fishing in that false information is presented in such a way as to make it seem true. Phishing is the process by which a computer user is deceived into believing that an untrustworthy internet resource (website, email, etc.) represents a legitimate enterprise. Many of you have no doubt received numerous or unsolicited eBay or PayPal account notices; in general these notices are phishing scams hoping to entice the recipient to respond and supply any requested information.
What Is The Purpose Of Phishing Scams? - The primary purpose of a phishing scam is theft. Phishing scams exist to obtain information which those behind the phishing scam can use to steal from anyone who has been fooled by the scam. The goal is typically to steal a person's identity or money. In rare cases a phishing scam will be used to gain information from corporate competitors.
How Can Phishing Scams Be Prevented? - Since phishing scams currently rely on human interaction and social engineering techniques for their success, the best defense against them is to stop being human. As that is impossible for most of us, the next best defenses are listed below:
A - Suspect Everything - Phishing scams rely, first and foremost, on our inherent desire to trust. Since information on the internet is more open to manipulation than a Hollywood movie, it is reasonable to be suspicious of anything found on the internet or in the inbox until it has been verified. Review your bank and credit card (and eBay, PayPal, etc., as necessary) statements for unauthorized transactions. If you receive an email that you suspect to be a phishing scam but are concerned that it may be valid, simply open an internet browser and visit the website for the enterprise in question. DO NOT click on or use any link or web address in the email itself, but use the web address listed on the enterprise's official documentation. If this does not help, call the enterprise in question and describe your situation; in most cases their staff will be willing to help you since their reputation is also at risk.
B - Knowledge Is Power - Knowing what eBay, PayPal or your bank will and will not do will enable you to discover phishing scams before they can hurt you. Knowing that no legitimate institution will ask you for account and/or access information (since they already have it on file) will keep you from falling prey to the many phishing scams that ask for this information. If in doubt, contact the enterprise purportedly behind the suspected phishing scam by telephone and ask them if the request is legitimate. Any website or email that asks for account and/or access information is almost certainly up to no good.
C - Get Some Help - Many security products offer some form of phishing scam protection. While not foolproof, this protection is certainly better than nothing, and even seeing the software load whenever you turn on your computer may be enough to remind you to be alert to users of the internet who are not as nice as you. Call us for the latest product recommendations.
D - In Numbers There Is Strength - If you believe that you have been the target of a phishing scam, contact the appropriate authorities as soon as possible. Keep as much information as possible from the scam (email, website address, information supplied, etc.) or write down as much as you can remember. Contact the fraud department of the institution that the phishing scam used as a cover. Contact your federal government, as most now have departments that deal specifically with internet fraud, which is what a phishing scam is. If in doubt, most enterprises now have information on how to report phishing scams on their websites.
E - The Day After - If you believe that you have been the victim of a phishing scam, you should still do all that is recommended in "D" above, then take the steps below:
  i - Contact the authorities immediately.
  ii - If you supplied credit card information, throw out your credit card and contact your credit card organization to request a new one.
  iii - If you supplied access information to your bank account, contact your bank and tell them what happened.
  iv - Contact the police.
  v - Change all of your access codes and/or passwords.
Microsoft has a very useful anti-phishing website that is an excellent first resource. It can be viewed here: http://www.microsoft.com/athome/security/email/phishing.mspx
FraudWatch International is another excellent resource: http://www.fraudwatchinternational.com/internet/phishing.shtml
As always, please do not hesitate to contact me if you have any questions about this or any other issue.
Previous issues of the ELM Bulletin are available from our website.
Please feel free to forward these bulletins to anyone you wish. If you no longer wish to receive these bulletins, or if you received this bulletin by mistake, please send me an email with "Please remove me" in the subject line and I will take your name off of the bulletin mailing list.