Tutor Tips from ... the Computer Tutor

24 November 2005

Phishing

Phishing is a form of online fraud. In a typical phishing fraud, an e-mail, supposedly from a legitimate company or financial institution, asks you to “verify” or “resubmit” confidential information. It may gather this information by asking you to complete an online form or to reply by return e-mail.

Fraudsters may be looking for bank account and credit card numbers, passwords, or personal identification numbers (PINs). If you inadvertently respond, these may be used to make unauthorized withdrawals from your bank account or to pay for online purchases. Personal information may even be sold on to other parties.

How to Tell if an e-Mail is Fraudulent
Trust your instincts. If a message looks fraudulent or offers something that looks too good to be true, it possibly is. Here are some phrases that may be used in a phishing e-mail:

  • “Verify your account”
  • “Respond within 48 hours or your account will be closed”
  • “Dear valued customer”
  • “Click the link below to gain access to your account”

How to Avoid Phishing Fraud
Trust your instincts. Ask yourself why you are being contacted or asked for this information.

  • Never provide your personal information in response to an unsolicited e-mail, fax, pop-up advertisement, or unexpected Website address.
  • Review credit card or bank statements for problems or inconsistencies.

The Dos and Don’ts of Phishing

  • DO report suspicious e-mails. If you are suspicious of a Website, contact the legitimate owners of the site - but not by responding to the e-mail. Use an alternative method. If you are unable to contact the owners, contact the police or District Attorney.
  • DO be wary of clicking on links in e-mail messages; they can lead to fake sites.
  • DO type addresses directly into your browser or use bookmarks.
  • DO check security certificates before entering any personal details.
    The closed-lock icon in your browser window shows that the site is protected by encryption, the process of encoding information. But remember, even icons can be faked. Double-click on it and the security certificate should appear. If the name following “Issued” isn’t the name of the site, the site may be a fake. If you’re in doubt, just don’t enter information. (Read more about the lock icon in Tutor Tip: Lock Icon Displays Browser Security.)
  • DO update software regularly.
  • DO review credit card and bank statements for problems or inconsistencies.
  • DON'T enter personal information in pop-up windows - even if they look official and secure.
  • Close pop-ups by clicking on the close (x) button in the top right corner - cancel buttons may not work.
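
The certificate check described above, as an added example that is not part of the original tip: it compares the names a certificate was issued to against the site name you expected to reach. The certificate dictionaries are constructed samples in the format returned by Python's ssl getpeercert(); the function names and host names are hypothetical.

```python
# Added example: compare the name a certificate was issued to with the site name.
# Certificates are constructed dicts in the shape of ssl.SSLSocket.getpeercert().

def issued_to(cert):
    """Return the DNS names the certificate was issued to (SAN first, else CN)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]


def name_matches(pattern, host):
    """Exact match, or a single left-most '*' label covering exactly one label."""
    p, h = pattern.split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_site(cert, expected_host):
    """Return (ok, names): ok is True only if the cert names the expected host."""
    names = issued_to(cert)
    return any(name_matches(n, expected_host) for n in names), names


# Constructed sample certificates (not real sites).
GENUINE = {
    "subject": ((("commonName", "www.examplebank.test"),),),
    "subjectAltName": (("DNS", "www.examplebank.test"), ("DNS", "*.examplebank.test")),
}
# A look-alike name that merely starts with the genuine one.
LOOKALIKE = {
    "subject": ((("commonName", "www.examplebank.test.login-verify.example"),),),
}

if __name__ == "__main__":
    for cert, host in [(GENUINE, "www.examplebank.test"),
                       (GENUINE, "online.examplebank.test"),
                       (LOOKALIKE, "www.examplebank.test")]:
        ok, names = check_site(cert, host)
        print(f"{host}: {'match' if ok else 'MISMATCH'} (issued to {names})")
```

The look-alike case fails because the whole name is compared label by label, so a certificate name that only begins with the genuine site name does not count as a match.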

What to Do if You've Had a Phishing Attack

If you suspect that you are a victim of phishing:

  • Alert the relevant organization and the police.
  • Use up-to-date anti-virus and anti-spyware software. Up-to-date software can keep unwanted or malicious software at bay.
  • Notify financial institutions.
  • Change passwords.
  • Notify the company whose site is being forged.
  • Contact your Internet Service Provider for assistance and to provide them with an alert about the attack.