You receive an email from your bank warning you that your account information needs to be updated urgently or else it will be suspended. In a panic, you click on the link in the email and are brought to your bank’s web site. Without giving it a second thought, you enter your user name and password to access your account online. In that moment, you have just handed an unknown criminal the keys to your banking account. You’ve been the victim of a phishing1 scheme.
Phishing has become one of the most common methods of electronically stealing people’s identities. During the period between May 2004 and May 2005, over 1.2 million individuals were victims of these attacks and have lost approximately $929 million. Clearly, phishing is a big problem, but the question is how can you protect yourself from being reeled in?
One way is to increase your suspicion. The emails and web sites used in these phishing schemes are often remarkably accurate in appearance and tone to the real thing. That can make it difficult for you to recognize a fraud. However, there are a couple of things that can alert you to danger.
First, check how the email is addressed. Does it say “Dear Paypal Customer” or does it include your name? Legitimate emails from these companies will use your name in the salutation. If the email begins with a generic salutation that could have been sent to anyone, then you should think twice before following any links in the email.
Second, consider what the email is saying. Phishing schemes frequently use scare tactics, such as telling you that your account is being suspended, to make you act quickly and without thinking. Don’t fall into their trap! If you receive an email stating that some problem exists with your account, contact the organization by email or, preferably, by phone to check the status for yourself.
Finally, never click on a link in the email. These links will redirect you to the attackers’ web site. Instead, go to the organization’s web site on your own. For example, if you received an email supposedly from Ebay about your account, you would type www.ebay.com into your browser instead of using the link. That way you can check the status of your account safely because you’ll know you are at the right location.
Of course, phishing is only one method of stealing your identity. If you want to learn how to protect yourself from phishing and other methods or if you’ve been a victim of identity theft and need to know what steps to take now, you need to read Identity Theft: A Resource Guide from PCSecurityNews.com. The ebook is available at http://www.PCSecurityNews.com.