Protect Yourself From Phishing Scams
5 Simple Steps For Users To Avoid Being Phishing Victims
By Tony Bradley, CISSP-ISSAP, About.com
Phishing attacks have become more sophisticated, and users need simple steps they can use to protect themselves. Follow these 5 steps to avoid becoming a victim of phishing scams.
- Be Skeptical: It is better to err on the side of caution. Unless you are 100% sure that a particular message is legitimate, assume it is not. You should never supply your username, password, account number or any other personal or confidential information via email, and you should not reply directly to the email in question. Ed Skoudis says, “If the user really suspects that an e-mail is legit, they should: 1) close their e-mail client, 2) close ALL browser windows, 3) open a brand new browser, 4) surf to the e-commerce company's site as they normally would. If there's anything wrong with their account, there will be a message at the site when they log in. We need people to close their mail readers and browsers first, just in case an attacker sent a malicious script or pulled another fast one to direct the user to a different site.”
- Use The Old-Fashioned Way: An even safer way to verify whether an email regarding your account is legitimate is to simply delete the email and pick up the phone. Rather than risking that you may somehow be emailing the attacker or be misdirected to the attacker’s replica web site, just call customer service and explain what the email stated to verify whether there is truly a problem with your account or whether this is simply a phishing scam.
- Do Your Homework: When your bank statements or account details arrive, whether in print or through electronic means, analyze them closely. Make sure there are no transactions that you can’t account for and that all of the decimals are in the right spots. If you find any problems, contact the company or financial institution in question immediately to notify them.
- Let Your Web Browser Warn You: The latest-generation web browsers, such as Internet Explorer 7 and Firefox 2.0, come with built-in phishing protection. These browsers analyze the web sites you visit, compare them against lists of known or suspected phishing sites, and warn you if the site you are visiting may be malicious or illegitimate.
- Report Suspicious Activity: If you receive emails that are part of a phishing scam, or that even seem suspicious, you should report them. Douglas Schweitzer says, "Report suspicious e-mails to your ISP and be sure to also report them to the Federal Trade Commission (FTC) at www.ftc.gov".