October 16, 2018 Contact Us At (559) 733-1940       Login   
  
 
ResourcesPhishing – What you need to know to protect yourse    

Torian Group, Inc. - Live Support

 

 
Newsletter Sign-Up
 
 
Phishing – What you need to know to protect yourself.

Phishing – What you need to know to protect yourself.
  Technology with Integrity

By Tim Torian, Torian Group, Inc.

 

Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: They go “phishing.”

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site is to trick you into revealing your personal information so the operators can steal your identity and run up bills or commit crimes in your name. Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.

Phishing is on the rise. According to the Anti-Phishing Working Group (http://www.antiphishing.org/), the number of phishing attacks has grown by over 50% between May and June of 1994. About 11% of those attacked respond by providing information to criminals.

How do you protect yourself?

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email.  Phishers will typically make their message sound urgent, perhaps warning that your information may have been stolen and you need to verify it. If in doubt, contact the company directly using a phone number or web link you know is legitimate. Do not rely on any information provided in the email or web link. Phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are.

Don’t email personal or financial information. This should be obvious, but bears repeating.  Emails are sent in plain text, and unless encrypted are completely insecure. Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.

If you transact business online, secure sites should start with https: rather than http: and you should see a “lock” icon in the bottom of your browser. Some bogus sites have found a way to fake this icon.  There are also ways to fake the URL (name you see in the top bar of the browser as the web address), so be careful.

Web popups that offer a yes or no button choice should be avoided altogether. Clicking on any link on a suspect web page or email can be enough to infect your computer with software that spies on your activities or installs a virus.  Open the windows task manager, and end the task from there if you are suspicious.

Check your credit card and bank account statements for suspicious transactions. If you don’t receive a statement on time, contact the company to verify that your address has not been hijacked. Regularly log into your online accounts – this verifies that your password is intact, and you can check for suspicious activity. 

Use anti-virus software and keep it up to date.  Make sure your computer is behind some sort of firewall.  Keep your computer up to date by applying security patches and updates.

Most antivirus programs do not detect these kinds of attacks. Spyware detection software is also needed. Spyware tools such as Ad-Aware and Spybot Search and Destroy are adding Phishers to their list of malicious sites. This software needs to be updated regularly, like anti-virus software. Also consider installing a Web browser tool bar to help protect you from known phishing fraud websites.  EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on Earthlink's list of known fraudulent phisher Web sites. It’s free - download at http://www.earthlink.net/earthlinktoolbar .

If you think you may have been a victim of Phishing, this web site has a list of steps you can take: http://www.antiphishing.org/consumer_recs2.html.

You can report "phishing" or “spoofed” e-mails to the following groups:

  • forward the email to reportphishing@antiphishing.com
  • forward the email to the Federal Trade Commission at spam@uce.gov
  • forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")

When forwarding spoofed messages, always include the entire original email with its original header information intact

Recent phishing scams:
1. Update Your Billing Information (from eBay)
2. Your account at eBay has been suspended
3. Your account at Wells Fargo has been suspended
4. Notification of US Bank Internet Banking
5. Attn: Citibank Update
6  Confirm AOL Billing Info

For more information:
http://www.antiphishing.org/
- The Anti Phishing organization.
http://survey.mailfrontier.com/survey/quiztest.html
- More Examples
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm - FTC advice on staying safe.
http://www.microsoft.com/security - General advice on keeping your computer safe.


Tim Torian teaches computer networking at the College of Sequoias, and has owned and managed several businesses. He is president of Torian Group, Inc. which provides a full range of Technology Consulting services to local business, including computer services, networking, and custom software development. They can be reached at (559) 733-1940 or on the web at http://www.toriangroup.com

     
 

Torian Group, Inc. Phone: (559) 733-1940  Fax: (559) 532-0207  Contact us