The golden rule to avoid being phished is to never click the links within
the text of the e-mail. Always delete the e-mail immediately. Once you have
deleted the e-mail, empty the trash box in your e-mail client as well. This
will prevent "accidental" clicks from happening. If, for some really odd
reason, you have this nagging feeling that this could just possibly be a
legitimate e-mail and nothing can convince you otherwise, you still need to
adhere to the golden rule and not click the link in the message. If you are
truly worried that an account may be in jeopardy if you do not verify your
information, open your Web browser of choice, type the URL of the Web site
in the address field of your browser and log on to the Web site as you
normally would (without going through the e-mail link as a quick route).
This will provide you with accurate information about your account and allow
you to completely avoid the possibility of landing on a spoof Web site and
giving your information to someone you shouldn't.
Now that you know how to avoid being phished, there is still the question of
what to do about phishing e-mails should you receive them. First of all, you
can visit the Web site of the company the e-mail appears to come from and
take the time to notify them of the suspicious e-mail. Many companies do want
to know if their name is being used to try to scam people, and you'll find
scam and spoof reporting links within some of these Web sites. Additionally,
you can report phishing to the Federal Trade Commission (FTC), and depending
on where you live, some local authorities may also accept Internet phishing
scam reports. Lastly, you can also send details of a phishing scam to the
Anti-Phishing Working Group, which is building a repository/database of
common scams to help inform people of the risks.
The term had its coming out when the FBI called phishing the "hottest, and
most troubling, new scam on the Internet." Likewise, the Charlotte Observer
mentioned on July 25, 2003 that phishing means to steal your information,
and Kevin Pang's "'Phishers' widen their catch of Web identity victims"
appeared in the Chicago Tribune on July 29, 2003.
Notes:
The term phishing comes from the fact that Internet scammers are using
increasingly sophisticated lures as they "fish" for users' financial information
and password data. The most common ploy is to copy the Web page code
from a major site — such as AOL — and use that code to set up a replica
page that appears to be part of the company's site. (This is why phishing is
also called brand spoofing.) A fake e-mail is sent out with a link to this page,
which solicits the user's credit card data or password. When the form is
submitted, it sends the data to the scammer while leaving the user on the
company's site so they don't suspect a thing.
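The replica-page ploy described above leaves a trace a recipient or mail filter can check: the link in the message points to a host that does not belong to the company the e-mail claims to come from. The following Python check is an added example, not part of the original text; the sample message, the placeholder domains and the function names are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; example.com / example.net are placeholder domains.
RAW = '''From: "Example Bank" <service@example.com>
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your account will be closed unless you confirm at
<a href="http://login.example.net/verify">https://www.example.com/login</a>.
Questions? See the <a href="https://www.example.com/help">help page</a>.</p>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def suspicious_links(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    brand = msg["From"].addresses[0].domain.lower()  # claimed, not verified
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    findings = []
    for href, text in parser.links:
        h, reasons = host(href), []
        # Simplified same-site test; real code should use the Public Suffix List.
        if h != brand and not h.endswith("." + brand):
            reasons.append("href host is outside the sender's domain")
        if "://" in text and host(text) != h:
            reasons.append("visible URL differs from the real destination")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Because the From address can itself be forged, a clean result here does not make a message trustworthy; the golden rule of typing the URL yourself still applies.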
Hackers have an endearing tendency to change the letter "f" to "ph," and
phishing is but one example. The f-to-ph transformation is not new among
hackers, either. It first appeared in the late 1960s among telephone system
hackers, who called themselves phone phreaks. Here's the earliest citation of
the word phreak:
According to Wilson, phishing works this way: Suppose you check your e-mail
one day and find a message from your bank. You've gotten e-mail from them
before, but this one seems suspicious, especially since it threatens to close
your account if you don't reply immediately. What do you do?
Most people associate phishing with e-mail messages that spoof, or mimic,
banks, credit card companies or other businesses like Amazon and eBay. These
messages look authentic and attempt to get victims to reveal their personal
information. But e-mail messages are only one small piece of a phishing
scam.