In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a web site, although phone contact has also been used.[1]
When users respond with the requested information, attackers can use it to gain access to the accounts. How do you avoid being a victim?
- Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Don't send sensitive information over the Internet before checking a web site's security policy or looking for evidence that the information is being encrypted. Signs of encryption include a URL that begins with "https:" and a padlock icon at the bottom of your browser window.
- Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. More information about phishing is available from the Anti-Phishing Working Group at: http://www.antiphishing.org/ or OnguardOnline at http://www.onguardonline.gov/phishing.html.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
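As an added example (not part of the original article), the URL checks from the list above written as a small Python helper: it warns when a link is not https, when the domain differs only in its suffix (.com vs. .net), when the spelling is a near match, or when a trusted name is buried inside a longer hostname. The trusted domains and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed example data: domains the organisation's users legitimately sign in to.
TRUSTED_DOMAINS = {"examplebank.com", "examplepay.com"}


def registered_domain(host: str) -> str:
    """'login.examplebank.com' -> 'examplebank.com'.

    Simplification: assumes a one-label suffix such as .com or .net
    (a real deployment would consult the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means a near-identical spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=frozenset(TRUSTED_DOMAINS)) -> list[str]:
    """Return the warnings a user should see before typing credentials into `url`.
    An empty list means the URL is https and its domain is on the trusted list."""
    warnings = []
    parts = urlsplit(url)
    netloc = parts.netloc.lower()
    domain = registered_domain(parts.hostname or "")
    if parts.scheme != "https":
        warnings.append("not encrypted: URL does not begin with https:")
    if domain in trusted:
        return warnings
    name, _, suffix = domain.rpartition(".")
    lookalike = False
    for t in sorted(trusted):
        t_name, _, t_suffix = t.rpartition(".")
        if t in netloc:  # trusted name hidden in a subdomain or in user@host
            warnings.append(f"trusted name '{t}' appears only as part of '{netloc}'")
            lookalike = True
        elif name == t_name and suffix != t_suffix:
            warnings.append(f"'{domain}' is trusted '{t}' with a different suffix")
            lookalike = True
        elif edit_distance(name, t_name) <= 2:
            warnings.append(f"'{domain}' is a spelling variation of trusted '{t}'")
            lookalike = True
    if not lookalike:
        warnings.append(f"'{domain}' is not a domain you normally sign in to")
    return warnings
```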
From the BCITS Help Center: Watch a video to find out more about phishing e-mail scams and how they are used for identity theft: http://www.microsoft.com/athome/security/email/phishing/video1.mspx. Take a phishing quiz at: http://www.sonicwall.com/phishing/.
[1] http://en.wikipedia.org/wiki/Phishing