How Not to Get Hooked by a ‘Phishing’ Scam

Internet scammers casting about for people’s financial
information have a new way to lure unsuspecting victims:
They go “phishing.”

Phishing is a high-tech scam that uses spam or pop-up
messages to deceive you into disclosing your credit card
numbers, bank account information, Social Security number,
passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers
send an email or pop-up message that claims to be from a
business or organization that you deal with – for example,
your Internet service provider (ISP), bank, online payment
service, or even a government agency. The message usually
says that you need to “update” or “validate” your account
information. It might threaten some dire consequence if you
don’t respond. The message directs you to a Web site that
looks just like a legitimate organization’s site, but it
isn’t. The purpose of the bogus site? To trick you into
divulging your personal information so the operators can
steal your identity and run up bills or commit crimes in
your name.

The FTC, the nation’s consumer protection agency, suggests
these tips to help you avoid getting hooked by a phishing
scam:

· If you get an email or pop-up message that asks for
personal or financial information, do not reply or click
on the link in the message. Legitimate companies don’t ask
for this information via email. If you are concerned about
your account, contact the organization in the email using a
telephone number you know to be genuine, or open a new
Internet browser session and type in the company’s correct
Web address. In any case, don’t cut and paste the link in
the message.
· Don’t email personal or financial information. Email is
not a secure method of transmitting personal information.
If you initiate a transaction and want to provide your
personal or financial information through an
organization’s Web site, look for indicators that the site
is secure, like a lock icon on the browser’s status bar or a
URL for a website that begins “https:” (the “s” stands for
“secure”). Unfortunately, no indicator is foolproof; some
phishers have forged security icons.
· Review credit card and bank account statements as soon as
you receive them to determine whether there are any
unauthorized charges. If your statement is late by more than
a couple of days, call your credit card company or bank to
confirm your billing address and account balances.
· Use anti-virus software and keep it up to date. Some
phishing emails contain software that can harm your computer
or track your activities on the Internet without your
knowledge. Anti-virus software and a firewall can protect
you from inadvertently accepting such unwanted files.
Anti-virus software scans incoming communications for
troublesome files. Look for anti-virus software that
recognizes current viruses as well as older ones; that can
effectively reverse the damage; and that updates
automatically.
A firewall helps make you invisible on the Internet and
blocks all communications from unauthorized sources. It’s
especially important to run a firewall if you have a
broadband connection. Finally, your operating system (like
Windows or Linux) may offer free software “patches” to close
holes in the system that hackers or phishers could exploit.
· Be cautious about opening any attachment or downloading
any files from emails you receive, regardless of who sent
them.
· Report suspicious activity to the FTC. If you get spam
that is phishing for information, forward it to
spam@uce.gov. If you believe you’ve been scammed, file your
complaint at www.ftc.gov, and then visit the FTC’s Identity
Theft Web site at www.consumer.gov/idtheft to learn how to
minimize your risk of damage from ID theft. Visit
www.ftc.gov/spam to learn other ways to avoid email scams
and deal with deceptive spam.