Staying Safe Online

Search this site:

 
     
Home
 News
Why This Site?
About Us
Contact Us

Personal Safety
Children Online
Online Dangers to Kids
Child Safety Tips
Adult Safety
Online Dating
Meeting People
Cyberbullies
Social Networking
Phishing
Social Engineering

Computer Safety
 Hackers
Passwords
Spyware
Backdoors
Keyloggers
Viruses
Antivirus
Firewalls
Spam
Hoaxes
Scams

Internet Manners
Netiquette
Copyrights & the Internet
Bandwidth Theft

 

   What is Phishing?

Many people are receiving what are called "phishing" attacks in their email these days. It's another type of hoax email with a more sinister purpose. These types of hoaxes are designed to fool you into giving up very sensitive personal information like your bank account numbers, PIN numbers, credit card numbers and expiration date, Social Insurance numbers (Social Security number for Americans), your real name in full, address, phone numbers, driver's license information, etc.

How Phishing Works

A phishing hoax works like this: You get an official looking email which is supposedly from a bank (it could be your bank or one that you don't deal with) or another company that handles financial transactions (like Paypal, or Ebay). A large amount of money is going to be withdrawn from your account unless you go to their site (with the link helpfully provided) and fill out the form provided.

If you click on the link, it will take you to a site or a pop-up window that looks almost exactly like the company's real site with actual logos that are stolen from the real website. These are known as "spoofed" websites. The form provided asks all sorts of information about you, your account number, and any other important information about your account and any other accounts you hold.  It's pretty hard to spot the difference between the spoofed website and the real one - almost impossible if you have never been to the company's website before.

The Consequences of Falling for a Phishing Scam

Once you enter that information, the scammers can use that to empty your bank accounts, apply for credit cards, rack up charges, apply for driver's licenses, rent property (and not pay the rent) under your name. Basically they can recreate your whole identity and use it for illegal purposes leaving you with the headache of proving to credit bureaus, banks, law enforcement officials, etc that it wasn't you that committed the crimes.

How to Protect Yourself

The best way to protect yourself is by knowing what to look for.

  • If you get an email that is supposedly from a bank, or online store or other website that deals with financial transactions be suspicious. Have they ever contacted you by email before? If they never have in the past, why would they start now?
     
  • The first thing to look for is how they address you. If they are for real they will usually address you by your real name (or the name that you have given them). A real email will usually not address you as "Dear Customer"
     
  • Is a reply required "immediately"? A scammer likes to scare people into reacting before they have a chance to think about the situation. Be suspicious of anything that says that if you don't reply "right away" you are going to lose a great deal of money.
     
  • Are they asking you for your passwords, account numbers, credit card numbers, social security numbers (or SINs)? Ask yourself "Why?". Companies that you have dealt with have all that type of information in their files. They will never need you to give it to them in an email.
     
  • Regularly check your bank, credit card and other accounts. If there are any charges there you don't think are legitimate notify your account providers immediately.
     
  • Don't use the links in an email to get to a website, especially if you think that the email is not for real. Often the links will take you to sites that will attack your computer. (I had this happen to me when I was researching a phishing site for an article I was writing. I clicked the link and they tried to download a keystroke logger onto my computer.)
     
  • Make sure you have the latest updates for your browser and operating system. If you do accidentally click on a link, it might offer you more protection than outdated versions.
     
  • Always make sure you are using a secure website anytime you enter information like credit card numbers online. The way to check if a website is secure it to look at the beginning of the Web address in your browser's address bar. A secure site will start with "https://" not "http://"
     
  • If you receive an email from a company that makes you nervous, then get on the phone to them, or visit them in person if you can to find out if it is legitimate.
  
 

© Copyright 2004 - 2008
All Rights Reserved.
Page last updated January 26, 2008