An explanation of phishing and how you can protect yourself from it.
What is Phishing?
Phishing is a lot like “fishing.” Someone sends out e-mails that contain a link to a phony Web site (like a baited hook). The e-mails appear to be legitimate and typically request sensitive personal information such as account numbers, passwords, or a Social Security number. In reality, however, they are only the phisher’s attempt to get someone to “bite” and provide him with their personal information. When this happens, the phisher can potentially use the information to make fraudulent purchases, access bank accounts, or even steal his prey’s identity. If you are uncertain about an e-mail’s legitimacy, don’t bite! It is best not even to click on any links in a message until you’ve validated its source.
How To Protect Yourself From Phishers
It can be difficult to tell whether a request is legitimate simply by looking at the e-mail or Web site (both of which can be forged), but if you are contacted unexpectedly and asked for your personal information, there’s a good chance that something is “phishy.” Legitimate companies and agencies don’t operate that way.
Don’t click on a link in an e-mail that asks for your personal information. It may take you to a phony Web site that looks just like the Web site of the real company or government agency. If you enter your personal information on the site it will be in the hands of identity thieves. To check whether a message is really from the company or agency, get their phone number from a phone book or the Internet (not the questionable Web site) and call it directly. Or go to the company’s official Web site via a different route (like a search engine).
If someone contacts you and says that you’ve been a victim of fraud, verify the person’s identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if they see an unusual spending pattern for your account (this may indicate that someone else is using your account). Usually, however, they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Then get the main number (see tip above) and call to find out if the person is legitimate.
Job seekers should also be careful. Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your Social Security number and other personal information. Follow the advice above and verify the employer’s identity before providing any personal information.
Psmail takes phishing very seriously. Our secure email service includes the use of a scanner which will recognize most phishing emails as dangerous and discard them before they ever reach your mailbox or your mail folders. If you have receieved an email that you suspect is fraudulent, please forward the whole message with headers and body to firstname.lastname@example.org in a zipped or compressed format. We use this information to update our scanners and increase the protection that they offer.
For additional information about phishing, please visit the nonprofit website at http://www.phishinginfo.org.