It used to be that you could spot a phishing site by its
terrible grammar.
But the scams have become much more sophisticated and aggressive.
Now it's tough to distinguish the real sites from the crooked ones.
Phishing schemes rely on spam to lure people to look-alike sites.
These e-mail lures usually claim to be from banks or services like
PayPal. They might tell you to sign into your account to verify your
information. Then you'll typically be provided with a link to the
sign-in Web page.
But the link inevitably leads to a fake site that mimics the
real thing. Any information you type into the fake site will be
stolen. The crooks could get passwords, credit card numbers and
Social Security numbers.
So why are people still responding to spam? The truth is that
most people don't. Spammers subsist on only about one percent of
their targets. When spam e-mails are sent out by the millions,
one percent is big business. According to the Washington Post,
Americans were swindled out of $2.4 billion by phishing
scams in the year ending last May!
But phishing is not the product of business people. These
profiteers are criminals.
You don't have to get swindled. The best way to stay secure is
simply to avoid phishing scams. And that starts with good e-mail
habits. First, do not respond to unsolicited e-mail (spam). Some
aggressive scams even include an account log-in form right in
the e-mail. Reputable businesses do not ask for passwords or
personal information through e-mail.
Second, do not click links in e-mail messages. Don't even cut
and paste addresses from e-mail. If you need to access online
accounts, do it the safe way. Type Web addresses directly into
the browser yourself. Also, be wary of phone numbers in
unsolicited e-mail. Some crooks are thorough enough to use a
phony customer service agent.
These two rules alone can keep you out of a world of trouble.
But don't forget about dangers that can be passed through e-mail
attachments.
Attachments can install programs like keyloggers, which record
everything you type. If that happens, crooks don't even need fake
sites to steal your information.
Do not open attachments from unsolicited e-mail. Again,
reputable organizations do not do business this way.
What if I've already been had?
If you suspect that you've been tricked into
giving away information, you can still act. You can find good advice
at the Anti-Phishing Working Group (APWG) Web site. The group is
supported by various banks, software companies and Internet service
providers.
You can also help by reporting suspicious e-mails. The APWG site
provides simple instructions to submit these e-mails. Consider
also alerting the companies whose names are abused. In most
cases, all you have to do is forward the e-mails to a special
address. When you forward, don't alter the messages or even the
subject lines.
You can typically find the addresses on an organization's
security or anti-fraud Web pages. But keep in mind that phishing
schemes are starting to use smaller, local names. Smaller banks
or credit card issuers might not have the resources to
investigate e-mails.