Phishing
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
Look familiar? E-mails containing such messages are examples of phishing – the practice of sending spam or pop-up messages to entice individuals into providing personal information, particularly related to credit card numbers, bank account information, Social Security Numbers, or passwords.
These e-mails look legitimate and may direct you to a Web site that looks just like a legitimate organization’s site, such as Amazon or Bank of America. But they are not. Scam artists are able to use logos and other graphics from the real organization in order to fool you. The links contained in the e-mail may include all or part of the real company’s name, but the link does not take you to that actual Web site. Often these e-mail messages convey a sense of urgency so that you will respond quickly.
Tips to Recognize Fraudulent Web Addresses
In order to see if a website link in an e-mail is legitimate, look at the web address, otherwise known as the Uniform Resource Locator [URL].
A URL has several parts to it. The most important part is the address, which begins after http:// and ends with the next /. The right-hand side of the address indicates the name of the site, such as http://chaseonline.chase.com/. This site is a part of Chase because chase.com is before the first slash in the URL. When an “s” follows “http”, this indicates that information can be transferred securely on the website.
If numbers are in a Web address, then it is generally a false address, especially if numbers are located in the beginning of the web address, such as http://146.93..82.1/ebay/. A seemingly random combination of letters and numbers in a Web address is also indicative of a false URL.
If the URL contains a company name followed by a hyphen, this is probably a phishing scam, such as http://msn-verify.com/.
Also, pay attention to whether or not a Web address ends in .com versus .net and verify the actual address of the company through a Google search. If you type a URL into the Google search box, the results will indicate if it is a correct address for the company to which it claims to belong, such as Citibank, Amazon, and MBNA.
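The checks described in this section can be written as a short script that a mail filter or help desk could run over links. This is an added example, not part of the original page; the brand list, the function names and the 192.0.2.10 sample address are constructed for illustration, and treating the last two labels of the host as the site name is a simplifying assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed brand -> official site list, for illustration only (assumption).
KNOWN_BRANDS = {"chase": "chase.com", "msn": "msn.com", "ebay": "ebay.com"}

def site_of(host):
    """Right-hand two labels of the host: chaseonline.chase.com -> chase.com.
    Simplification: production code should consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return (host, warnings) by applying the tips in this section."""
    parts = urlsplit(url)
    # The host is the part between "//" and the next "/".
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return host, ["no host found"]
    warnings = []
    # https means the transfer is encrypted; it does not say who owns the site.
    if parts.scheme != "https":
        warnings.append("not https")
    try:
        ipaddress.ip_address(host)
        warnings.append("numeric address instead of a name")
        return host, warnings
    except ValueError:
        pass  # not an IP literal, keep checking the name
    site = site_of(host)
    for brand, official in KNOWN_BRANDS.items():
        if site == official:
            continue  # the brand really is the site before the first slash
        if re.search(rf"(^|[.-]){brand}-", host):
            warnings.append(f"'{brand}' followed by a hyphen")
        elif brand in host or brand in parts.path.lower():
            warnings.append(f"'{brand}' appears but site is {site}")
    return host, warnings

if __name__ == "__main__":
    # Sample links: two from this page, one constructed numeric address.
    for link in ("http://chaseonline.chase.com/", "http://msn-verify.com/",
                 "http://192.0.2.10/ebay/"):
        print(link, "->", check_url(link))
```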
Tips to Combat a Compromise
Here are some tips provided by Onguardonline.gov to avoid getting taken advantage of by phishers:
- If you get an e-mail or pop-up message that asks for personal or financial information, do not reply. And do not click on the link in the message, either. A legitimate company is not going to contact you for important information via e-mail.
- Be cautious about opening any attachment or downloading any file from e-mails you receive, regardless of who sent them.
- Forward unwanted, deceptive, or phishing-type spam (with the full header of the message) to spam@uce.gov and to the company, bank, or organization impersonated in the phishing mail.
- If you believe you have been scammed, file a complaint at ftc.gov, and then visit the FTC’s Identity Theft Web site at www.consumer.gov/idtheft. You can take steps to minimize the risk of identity theft.
Additional Resources
- “Anti-Phishing Phil” is an interactive game, developed by members of the CMU Usable Privacy and Security Laboratory with funding from the US National Science Foundation (Cyber Trust initiative) and ARO/CyLab. It teaches users how to recognize legitimate Web site addresses, how to recognize elements of dangerous site addresses, and how to protect themselves by using search engines to confirm whether sites are legitimate. To play the game, go to: http://cups.cs.cmu.edu/antiphishing_phil
- Additional information on efforts to combat phishing is available from the Anti-Phishing Working Group at www.antiphishing.org.