Search Google News for "phishing scams" and you'll come up with hundreds of articles on the topic. Unfortunately, it seems these bogus e-mails designed to "fish" for Internet users' personal information are becoming more frequent—and more sophisticated.
In June alone, more than 49,000 unique phishing sites were detected, according to The Anti-Phishing Working Group, an educational organization devoted to eliminating phishing scams. That's the second-highest number recorded since the organization began keeping count.
You may think you'll never fall for one of these e-mails—and I certainly hope that's the case—but I'll show you what clues you can look for to safeguard your information.
Generally, anytime you receive an e-mail urging you to click on a link to verify your account information, a red flag should instantly go up.
In fact, the best course of action in that case is to go to your account by typing the URL in your browser's address bar or using your bookmark, log in and check your account for any alerts. Yet, every day, people get taken in by phony e-mails that look frighteningly real.
Identifying a 'phishy' situation
One way you can prevent yourself from falling prey to such scams is to understand the technology behind these unsolicited e-mails. I'll break it down for you.
From addresses: The "from address" on suspicious e-mails can be a clue to whether an e-mail is on the up and up, but it shouldn't be your only clue. These can be faked, but it's still a good idea to look at the address carefully to see if it matches the "from name," or the organization that is supposed to be sending you the e-mail. For instance, if you receive an e-mail from Auctiva, the from address should be @auctiva.com or @auctivacommerce.com.
If it differs even slightly—for instance if the from address is @auctivacustomers.com or @customers-auctiva.com (note the hyphen)—you're not dealing with a legitimate e-mail from Auctiva.
It's also a good idea to compare the from address with other e-mail communications you've received from the company in the past that you know for a fact are legit. If you don't have any previous e-mails from the organization, open a new browser window, navigate to the company's site and look up the Contact Us or About Us page to find its e-mail address.
Links: You'll get another clue about whether you're dealing with a fake organization from the links included in the e-mail. But use caution. Phishing sites can infect your computer with malware, so don't click on any links unless you're certain they're safe. And don't trust the link's display text, either. It could read one thing, but clicking the link might take you elsewhere.
The best ways to detect a phishing link are to mouse over the link to see where it would take you, or right-click and view the properties to find out the true address of the link. When you place your cursor over the link, you'll be able to see the link's true Web address displayed as floating text or at the bottom of your browser window. Inspect the displayed address carefully. Does it look correct? Does it look like a subdomain?
Hackers commonly employ a technique known as "typo squatting" or "cyber squatting." This involves using a Web address that resembles the name of a well-known company, but with slight modifications, according to Microsoft Corp., which has done extensive research into identifying and preventing phishing attacks. A Web address might have missing or transposed letters, or appear to be a subdomain (e.g., www . verify-microsoft . com). Remember, a subdomain is always to the left of the primary domain, separated by a dot, not a dash, underscore or other punctuation. So it's essential to carefully examine the address that displays when you hover your mouse or examine the properties.
If it's not a Web address you recognize and trust, don't click on it. But if you do click a link, make sure it takes you to an address you recognize. If you're taken to a login screen, be sure the URL in the address bar starts with "https," which denotes a secure site.
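The from-address and link checks described above can be automated. The following is an added example, not code from the original article: the function names are hypothetical, the trusted domains come from the article's Auctiva example, and the message body is constructed. A passing from address is still only one clue, since it can be faked.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: the sender's real domains, taken from the article's Auctiva example.
TRUSTED = {"auctiva.com", "auctivacommerce.com"}

def is_trusted_host(host, trusted=TRUSTED):
    """True only for a trusted domain or a dot-separated subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_from(header, trusted=TRUSTED):
    # Compare the domain part of a From header against the trusted set.
    return is_trusted_host(parseaddr(header)[1].rpartition("@")[2], trusted)

class _Anchors(HTMLParser):  # collects (href, display text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, trusted=TRUSTED):
    """Return (href, reasons) for each link that fails a check."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = [] if is_trusted_host(host, trusted) else ["untrusted host"]
        # Display text that itself looks like an address must name the same host.
        if "." in text and not any(c.isspace() for c in text):
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown != host:
                reasons.append("display text differs from target")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body, not a real message.
SAMPLE = ('<p>Dear Valued Customer, verify at <a href="http://customers-auctiva.com/verify">'
          'www.auctiva.com</a> or <a href="https://www.auctiva.com/login">log in</a>.</p>')
```

The suffix test requires a leading dot, which is why a hyphenated lookalike such as customers-auctiva.com is rejected while a true subdomain passes.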
Greetings and solicitations: Now it's time to look at the actual text in the e-mail. The first thing you want to do is to glance at the greeting. Phishing scams typically have very generic greetings such as "Dear Valued Customer," or they may refer to you by your e-mail address since they don't have access to your account information.
If you see such a generic greeting, be cautious. The organizations you have accounts with know your username, business name, etc., and will usually use one of these in their greetings. For instance, when customers receive e-mails from Auctiva, Auctiva Commerce or other Auctiva products, users are addressed by their account username, not their e-mail address.
Also be wary of e-mails that ask you to verify information without first logging into your account. Companies will not typically ask you to confirm sensitive information, such as your credit card number, your national insurance number, social security number or account password in an e-mail. Legitimate organizations want to safeguard your information, and will usually ask you to log into your account before you input any sensitive information. You should also notice a closed padlock in your address bar, or a URL beginning with "https," indicating that your information is indeed safe.
A common scammer's ploy is to convey a sense of urgency to get you to click on a link. If you receive an urgent-sounding message that claims to be from your bank, eBay, or even Auctiva, open a new browser window and check your account to verify the information by accessing it as you normally would—not through a link in the e-mail. And keep an eye on your account to make sure you don't see any suspicious activity.
Grammar: Read over the e-mail you receive carefully. This can be one of the simplest ways to tell if that e-mail is legitimate. Professional organizations take all their communications with customers seriously, so their e-mails are punctuated properly and you shouldn't find spelling errors. If you find typos, you may be dealing with a scammer.
But if, after going through this checklist, you're still unsure whether that e-mail is phishy, the safest bet is not to click any of the links contained in the e-mail and not to reply to the e-mail you were sent.
Or when in doubt, go directly to the site in question by typing the address into your browser bar, or by using one of your bookmarks.
Don't let scammers hook you. For more information on how to avoid phishing e-mails, visit the antiphishing dot org website.
Ebay Scams And Cons Don't Get 'Phished' In
20 February 2010