PHISHING SCAMS
How to avoid them.
What is Phishing?
According to the United States Computer Emergency Readiness Team
(US-CERT), Phishing is an attempt by an individual or group to solicit personal
information from unsuspecting users by employing social engineering techniques.
Phishing emails are created to appear as if they have been sent from a
legitimate organization, or known individual. These emails often attempt to
entice users to click on a link that will take the user to a fraudulent website
that appears legitimate. The user then may be asked to provide personal
information such as account usernames and passwords that can further expose them
to future compromises. Additionally, these fraudulent web sites may contain
malicious code.
Common Phrasing used in Phishing Scams:
Extreme Urgency: Phishing attacks often use some urgent time-frame in order to
increase the chance you’ll respond. They might, for example, state that you need
to login “within 24 hours” or “by Thursday at 12:00 a.m.”
Account Restrictions: Many attacks will claim that access to your account has
been (or soon will be) closed. They use phrasing such as “to restore access to
your account” or “to prevent your account from being closed.”
Security Issues: Ironically, attacks often refer to a security threat or breach.
Some will explain that you need to log in to update your security settings.
Others may urge you to download and install a “security update” that is really a
keylogger or other form of malicious software.
Bonuses or Promotions: Some attacks will claim that you’ve won a bonus or special promotion. This may take the form of a cash bonus or a free upgrade to a premium account of some sort. Of course, you have to log in to claim your prize.
How to Avoid Phishing Scams:
Be suspicious of any email with urgent
requests for personal financial information. Check with your bank if you are
unsure of the authenticity of any email. Additionally, avoid filling out forms
in email messages that ask for personal financial information. Only communicate
information such as credit card numbers or account information via a secure
website or the telephone.
Don't use the links in an email, instant message, or chat to get to any web
page, especially if you do not know the sender, or question the authenticity of
the email. Rather, contact the company by phone, or log directly onto their
website by typing the Web address into the browser.
Always ensure that you're using a secure website when submitting credit card or
other sensitive information via your Web browser. Since Phishers are able to
replicate secure Web server imagery such as https:// and the yellow lock,
directly type the Web address into your browser, or click on the yellow lock to
check the security certificate. If the address of the site you have displayed
does NOT match the certificate, do not continue.
Install a Web browser toolbar to help protect you from known fraudulent
websites. These toolbars match where you are going with lists of known phisher
Web sites and will alert you.
Regularly log into online accounts to check activity. Avoid time lapses of over
a month between checks.
Regularly check your bank, credit and debit card statements to ensure that all
transactions are legitimate. If anything is suspicious, or you do not recognize
a transaction, contact your bank and all card issuers.
Ensure that your browser is up to date and security patches are applied.
How to Report Phishing Scams:
NOTE: When forwarding phishing
messages, always include the entire original email with its original header
information intact.
Forward the email to APWG at: reportphishing@antiphishing.org.
Forward the email to the Federal Trade Commission at spam@uce.gov.
Forward the email to the company, bank, or organization impersonated in the
phishing email. Check organization website for how to report problems.
Notify The Internet Crime Complaint Center of the FBI by filing a complaint on
their website: www.ic3.gov/
Robertson County Government
is an Equal Opportunity Employer and a Drug-Free Workplace
This page was last updated on
12/31/2009
Robertson County Sheriff's Office