Protecting yourself from Phishing attacks



OK – well if you know what phishing is. You may already be ahead of the game. By now you’ve probably seen the messages.

From:security@yourbank.com
to:youremailaddress@isp.com
subject:Security breach of your account

text:
It has come to our attention that there have been numerous ip addresses attempting to access your account with www.yourbank.com. If you would please log in through the form we have setup at yourbank.com/reactivate to reactivate your account. Your account will be suspended until we verify your information.

Of course, the yourbank.com address is either mispelled or actually links to another site and the form is used to steal your banking information. Most of these don’t seem authentic, many times poor spelling gives the attempt away, or poor grammer. (Possibly pointing to a non-english speaking phisher.) For that matter does the logic of their message make sense – “multiple ip addresses have been recorded trying to access your account.” Well…. hmm if I try to access my account from more than one computer I get the same effect, or if I have dialup internet access.

But the potential is there that they could perfect spelling and polish their grammer and then how do you spot them? It might be possible to see the weblink if you look at the email source, but that’s getting into murky territory.

The safest is the following.
1) Know your financial institutions contact policy. Open up a new web browser window, go to their site and read their policy information on that site. Most banks now, will mention specifically that they do NOT send out messages asking people to confirm login information.
2) Be suspicious of anyone that tries to pressure you into acting immediately or something terrible and inconvenient will happen.
3) Stop and think. If my BANK account were about to be suspended would they just send me an email or would they give a phone call? Maybe even a letter?
4) If something really concerns you, give your bank a call for verification. NEVER use a number given in an email of this sort though as it could forward to who knows where. ALWAYS use another trusted source to find either a phone number, email or web address for the institution.
5) Don’t be afraid to log in to your bank site over the internet. Be cautious of logging in at public computers, make sure there is the “lock” icon in the information bar, or https: in the address bar of your browser when logging in and viewing account information and be cautious of following links to the site. Make sure you have the correct address.

The bottom line of all of this is to be “web smart”, take dire warnings with a grain of salt and practice stepping back, taking a deep breath and weighing the facts to see if everything adds up. Open a fresh browser window (not from a link) and then go see that there is likely no crisis with your account.

   Send article as PDF   

Similar Posts