Things to know and do to protect against Phishing (pronounced fishing)
In computing, phishing is a form of criminal activity using social engineering techniques. It is characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication. Phishing is typically done using email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.
As a general rule, banking and e-commerce is very safe; however, you should be careful about giving out your personal financial information over the Internet. Common sense and good monitoring practices will help to avoid becoming a victim of fraudulent scams and reduce losses that can occur from phishing.
- Be suspicious of any email with urgent requests for personal financial information, unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'. Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately. They may ask for information such as usernames, passwords, credit card numbers, social security numbers, This is your personal information so if you are not initiating contact with a well known company to you don’t give out this information. Emails are typically NOT personalized from scammers. Valid messages from your bank or a company you deal with will be personalized.
- If you suspect the message might not be authentic, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser, do not click on the link in an email they may have sent to you.
- If you are giving your credit card number or account information to anyone, only share it with companies well known to you and via a secure website. If you are not sure if the website is secure then contact the company and ask them about their security online. Web addresses that are secure should be https:// not just http://
- You may install a Web browser tool bar to add protection against phishing activity.
- Log onto your online accounts and credit card accounts frequently, weekly or more often, and verify the activity in the accounts are your own. Report any irregularities immediately to your credit card company or bank institution.
Always report "phishing" or “spoofed” e-mails to the company that is being spoofed. (For example: ebay – report the activity to them and to local law protection agencies.