ELM Bulletin - March 31, 2006
Protect Yourself From Phishing Scams
One of our readers has requested that we discuss phishing scams (and what can be done to protect oneself against them) in the ELM Bulletin. Since we love to make our readers happy, we will use this month's ELM Bulletin to respond to that request.
What Is Phishing? - Phishing, derived from fishing, is very much like fishing in that false information is presented in such a way as to make it seem true. Phishing is the process by which a computer user is deceived into believing that an untrustworthy internet resource (website, email, etc.) represents a legitimate enterprise. Many of you have no doubt received numerous unsolicited eBay or PayPal account notices. In general, these notices are phishing scams hoping to entice the recipient to respond and supply any requested information.
What Is The Purpose Of Phishing Scams? - The primary purpose of a phishing scam is theft. Phishing scams exist to obtain information which those behind the phishing scam can use to steal from anyone who has been fooled by the scam. The goal is typically to steal a person's identity or money. In rare cases, a phishing scam will be used to gain information from corporate competitors.
How Can Phishing Scams Be Prevented? - Since phishing scams currently rely on human interaction and social engineering techniques for their success, the best defense against them is to stop being human. As that is impossible for most of us, the next best defenses are listed below:
A - Suspect Everything - Phishing scams rely, first and foremost, on our inherent desire to trust. Since information on the internet is more open to manipulation than a Hollywood movie, it is reasonable to be suspicious of anything found on the internet or in the inbox until it has been verified. Review your bank and credit card (and eBay, PayPal, etc., as necessary) statements for unauthorized transactions. If you receive an email that you suspect to be a phishing scam but are concerned that it may be valid, simply open an internet browser and visit the website for the enterprise in question. DO NOT click on or use any link or web address in the email itself; use the web address listed on the enterprise's official documentation. If this does not help, call the enterprise in question and describe your situation; in most cases their staff will be willing to help you since their reputation is also at risk.
B - Knowledge Is Power - Knowing what eBay, PayPal or your bank will and will not do will enable you to discover phishing scams before they can hurt you. Knowing that no legitimate institution will ask you for account and/or access information (since they already have it on file) will keep you from falling prey to the many phishing scams that ask for this information. If in doubt, contact the enterprise purportedly behind the suspected phishing scam by telephone and ask them if the request is legitimate. Any website or email that asks for account and/or access information is almost certainly up to no good.
C - Get Some Help - Many security products offer some form of phishing scam protection. While not foolproof, this protection is certainly better than nothing, and even seeing the software load whenever you turn on your computer may be enough to remind you to be alert to users of the internet who are not as nice as you. Call us for the latest product recommendations.
D - In Numbers There Is Strength - If you believe that you have been the target of a phishing scam, contact the appropriate authorities as soon as possible. Keep as much information as possible from the scam (email, website address, information supplied, etc.) or write down as much as you can remember. Contact the fraud department of the institution that the phishing scam used as a cover. Contact your federal government, as most now have departments that deal specifically with internet fraud, which is what a phishing scam is. If in doubt, most enterprises now have information on how to report phishing scams on their websites.
E - The Day After - If you believe that you have been the victim of a phishing scam, you should still do all that is recommended in "D" above, then take the steps below:
i - Contact the authorities immediately
ii - If you supplied credit card information, throw out your credit card and contact your credit card organization to request a new one.
iii - If you supplied access information to your bank account, contact your bank and tell them what happened.
iv - Contact the police.
v - Change all of your access codes and/or passwords.
Microsoft has a very useful anti-phishing website that is an excellent first resource; it can be viewed here:
http://www.microsoft.com/athome/security/email/phishing.mspx
FraudWatch International is another excellent resource:
http://www.fraudwatchinternational.com/internet/phishing.shtml
As always, please do not hesitate to contact me if you have any questions about this or any other issue.
Past issues of the ELM Bulletin are available from our website; feel free to forward them to anyone you wish.
You have received this ELM Bulletin either by request or because you have given your contact information to an ELM employee. If you no longer wish to receive the ELM Bulletin, send us an email with "Remove Me" in the subject line and we will remove your email address from our distribution list.
Peter Rhebergen


