Posted by Jack Doyle on Tue, Oct 13, 2009
You may have heard the news of a recent phishing scam that resulted in usernames and passwords of Hotmail, Gmail, AOL, and Yahoo! users being posted to Websites across the Internet. These types of scams can typically be avoided with some good advice and good old critical thinking.
Phishing, by Wikipedia's definition, refers to the "fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card information by masquerading as a trustworthy entity in an electronic communication." The following tips can help you avoid becoming victim to these types of scams.
1. Your usernames and passwords are the keys to your Banking sites, Email, and Online Retailers. Use strong passwords, or passwords containing at least 7 characters, using upper case, lower case, numbers, and symbols. Don't use the same passwords for sites containing sensitive information. Change your passwords often. If you have trouble remembering all of your passwords, consider a password manager. Often you are asked to provide additional personal information when creating accounts. This information is used to authenticate you in the event that you lose your password. Typically, the information given is less secure than the password. Provide information that only you would know the answer to. All of your friends know your pet's name and the street you grew up on, so don't use them.
2. Be careful of what you click on. I know that blinking advertisements promising free money are appealing, but in reality, no one is going to give you anything free. Don't click on it! Be very wary when you receive an email requesting personal information or asking you to confirm information. The email may look legitimate, as most phishing scams now do. Most online companies make it their policy to never ask you for passwords or personal information. If you are unsure, contact the company directly. Use known contact information; do not use the phone numbers or email addresses on the questionable site. Check past bills, statements, or the main Website for this information.
3. When logging onto a site requiring a password, credit card information, social security numbers, etc., look for secure sites. The URL of a secure site will begin with HTTPS. You will also notice a padlock either next to the address bar on in the status bar of the browser. Pay attention to the URL of a website. Malicious sites will use URLs that look almost identical to the real URL.
4. Use Anti-Virus, firewalls, anti-malware, and spam filters. Although, these will not protect you from every scam out there, they do prevent most from even hitting your Inbox. Also, take advantage of the anti-phishing capabilities in your browsers. When this is enabled, all sites you visit are checked against known phishing sites and will prevent you from browsing to them.
So what do you do if you think you have fallen victim to a scam? Report it immediately! Contact your financial institutions, immediately change passwords, look for signs of identity theft, and possibly even report it to the Police.