How many of you have taken the time to read how your bank, email provider, PayPal, eBay and other internet connections will contact you, and under what circumstances? They have that information available. Forewarned is forearmed: when you get phishing emails, knowing it gives you some opportunity to decide whether or not to respond or 'click'.
If you do decide to respond, open a new browser window and go to the site in question and log on. Check your message box there ~ if it's empty, more than likely you are dealing with a phishing attempt.
What's phishing? I trotted off to Wikipedia for you. :) (http://en.wikipedia.org/wiki/Phishing) I've taken the liberty of quoting a couple of sections:
Definition of 'phishing':
'In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing,[4] probably influenced by phreaking,[5][6] and alludes to baits used to "catch" financial information and passwords.'
'Social responses
One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be effective, especially where training provides direct feedback.[56] One newer phishing tactic, which uses phishing e-mails targeted at a specific company, known as spear phishing, has been harnessed to train individuals at various locations, including United States Military Academy at West Point, NY. In a June 2004 experiment with spear phishing, 80% of 500 West Point cadets who were sent a fake e-mail were tricked into revealing personal information.[57]
People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by phishers), it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate. Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message.[58]
Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. Some companies, for example PayPal, always address their customers by their username in e-mails, so if an e-mail addresses the recipient in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing.[59] E-mails from banks and credit card companies often include partial account numbers. However, recent research[60] has shown that the public do not typically distinguish between the first few digits and the last few digits of an account number—a significant problem since the first few digits are often the same for all clients of a financial institution. People can be trained to have their suspicion aroused if the message does not contain any specific personal information. Phishing attempts in early 2006, however, used personalized information, which makes it unsafe to assume that the presence of personal information alone guarantees that a message is legitimate.[61] Furthermore, another recent study concluded in part that the presence of personal information does not significantly affect the success rate of phishing attacks,[62] which suggests that most people do not pay attention to such details.'
Recent examples of 'phishing' I've received:
CONFIRM YOUR WINDOWS LIVE ACCOUNT SERVICES. VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!!
Dear Account Owner
This is email from Windows Live Hotmail and we are sending to all account user for safety. Due to the anonymous registration of our account which is causing congestion to our service so we are shutting down some account and your account was among those to be deleted so the purpose of this email is for you to verify that you are the owner of this account and you are still using it by filling the information below after clicking on the reply button:
* Username:
* Password:
* Date of Birth:
* Country Or Territory:
Confirm your E-mail by filling out your Login Information below after clicking the reply button or your account will be suspended within 48 hours for security reasons.
Sincerely
The Windows Live Hotmail Team
**************
Subject: Your facebook password has been changed. ID243
From: "Facebook office"
Date: Thu, 18 Nov 2010
Dear Customer
A spam is sent from your Facebook account. Your password has been changed for safety. Information regarding your account and a new password is attached to the letter. Read this information thoroughly and change the password to complicated one.
Thank you for your attention,
Facebook Service.
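
The warning signs in the quoted guidance and in the two e-mails above (generic greeting, a request to send credentials by reply, a deadline threat, a "new password" in an attachment) can be checked mechanically. The following is an added example, not part of the original post; the indicator names, patterns, weights and threshold are assumptions chosen for illustration, and the sample bodies are abridged from the e-mails above plus one constructed benign message.

```python
import re

F = re.I | re.M
# name -> (pattern, weight); patterns and weights are illustrative assumptions
INDICATORS = {
    "generic_greeting": (re.compile(
        r"^\s*dear\s+[\w ]*?(customer|account owner|user|member)\b", F), 2),
    "asks_for_credentials": (re.compile(
        r"^\s*\*?\s*(username|password|date of birth)\s*:", F), 3),
    "deadline_threat": (re.compile(
        r"\b(suspended|deleted|closed|shut down)\b[^.\n]*\bwithin\s+\d+\s+(hours|days)\b", F), 2),
    "password_in_attachment": (re.compile(
        r"\bpassword\b[^.\n]*\battached\b", F), 3),
    "reply_with_details": (re.compile(
        r"\bclick\w*\s+(on\s+)?the\s+reply\s+button\b", F), 2),
}

def score_email(body):
    """Return (total weight, sorted names of the indicators that matched)."""
    hits = sorted(n for n, (rx, _) in INDICATORS.items() if rx.search(body))
    return sum(INDICATORS[h][1] for h in hits), hits

def triage(body, threshold=4):
    """A low score is 'inconclusive', never 'safe': as the quoted text notes,
    personalised phishing exists, so absence of indicators proves nothing."""
    score, hits = score_email(body)
    return ("suspicious" if score >= threshold else "inconclusive"), score, hits

# Abridged from the Hotmail-themed e-mail quoted above.
SAMPLE_HOTMAIL = (
    "Dear Account Owner\n"
    "... verify that you are the owner of this account by filling the "
    "information below after clicking on the reply button:\n"
    "* Username:\n* Password:\n* Date of Birth:\n"
    "... or your account will be suspended within 48 hours for security reasons.\n"
)
# Abridged from the Facebook-themed e-mail quoted above.
SAMPLE_FACEBOOK = (
    "Dear Customer\n"
    "A spam is sent from your Facebook account. Your password has been changed "
    "for safety. Information regarding your account and a new password is "
    "attached to the letter.\n"
)
# Constructed benign message that greets the recipient by username.
SAMPLE_BENIGN = (
    "Hello jsmith_42,\n"
    "Your monthly statement is ready. Sign in from your usual bookmark to view it.\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_HOTMAIL", "SAMPLE_FACEBOOK", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

A filter like this only prioritises messages for a closer look; the check described at the top of the post (open a new browser window, log on to the real site and look at your message box there) is still what settles it.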