Tuesday, September 25, 2007

Security Tip: Phishing

From Wikipedia "phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication." I've received emails from Washington Mutual asking that I sign into a particular page to re-enter my account number and password. I don't even have an account with Washington Mutual, but the person sending it out is just hoping to land the message in a naive person's email to get their bank account information and do something of a criminal nature.

Banks should never ask you to email your password and account information, no company should. Always be more skeptical than believing. eBay and PayPal are some of the most targeted companies. Don't ever send sensitive information (Social Security Numbers, passwords, account numbers, financial information, etc.) via email. It is possible for an unintended party to intercept your email and see everything in it unless you encrypt it.

Phishing isn't only a problem you find in email, there is also phone phishing. I've had people call my cell phone saying that I won a cruise and that they needed to get my bank account number and permission to deposit several hundred dollars in it. I almost fell for it, but I realized there was no way that could be possible, I never entered any such contest. If something sounds too good to be true, it almost always is.

Microsoft has some good tips on how to recognize phishing scams as well.

Here are a few more good tips I found:
  1. Don't click on links in emails you are wary of, they may end up downloading a virus onto your computer, or taking you to a fraudulent website.

  2. If you do enter your credit card online to make purchases (or any other type of sensitive data), make sure the beginning of the web address starts with "https://" not just "http://"

  3. Regularly log into your banking and credit card accounts to monitor your transactions.

No comments: