Sunday, November 25, 2012

What Is Phishing and How to Detect a Phishing Email


Here's How Phishing Works:

You receive an email from what appears to be a legitimate company. Most, if not all of the time, it is addressed to "( Company's Name)Customer" or "Valued Account Holder" or "Dear ____ User". The "Phishers" use a generic salutation because these emails are sent out in huge batches. And who has time to address each one with the recipients name! If you don't see your name, be cautious.

The premise of the email is to get you to click on a link in the email. If they are successful in persuading you to do so, you will be directed to a fake website where your personal information is requested. Another possibility is a pop-up window will appear and direct you to enter your information after clicking the link. Remember, a legitimate company would never request any of your personally identifying information through an email.

Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. Clicking on a link might also lead you to.exe files. These kinds of files are known to spread malicious software. This technique may also be called "social engineering."

Here's What A Phishing Email Message Might Look Like:

FROM: XYZEE Company <accounts@xyzeeco.com>

SUBJECT: Please update account information

DATE: February 29, 2012

Dear Valued Account Holder,

Per our company policy, XYZEE conducts a periodic account verifcation process.

During the most resent process, we could not verify any of your account information.

In order to insure your account is secure, you must visit

(Example):comapnywebsite.com/account-updateinfo.com

Please click on the above link and update your current account information. If you do

this your account will stay in good standing. Failur to do this will mean your account

will be placed on a 60 day hold.

Sincerely,

XYZEE Company

Did you notice the spelling? Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a phishing email scam.

Also, Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to the next victim. The best way to protect your identity against theft and keep your personal information safe from a phishing scam is to know what to look for. Recognizing and avoiding email scams can help keep you safe online.

If you do suspect a phishing email scam, report it to: phishing-report@us-cert.gov

Be safe and stay informed.

Five Myths Concerning Identity Fraud   A Review of Krolls Identity Theft Shield Program   The Urgency of ID Theft Prevention   



0 comments:

Post a Comment


Twitter Facebook Flickr RSS



Français Deutsch Italiano Português
Español 日本語 한국의 中国简体。