The Facts

• Every month over 22,000 unique fraudulent phishing campaigns are reported to law enforcement.

• Every month an average of 20,000 fraudulent websites are detected which claim to be representing legitimate companies.

• In 2007, an average of 150 companies reported false websites representing their corporate brand every month.

• Some phishing websites remain online for 30 days before being disabled by law enforcement.

• Many of these fraudulent websites attempt to install applications that steal your passwords and personal data.
  
  * Data obtained from APWG

Anti-phishing Resources

• Symantec

• McAfee SiteAdvisor

• Anti-phishing Working Group

• Internet Crime Complaint Center

What is phishing?

Phishing is a deceptive activity where a criminal attempts to obtain personal data, financial data or passwords from an unsuspecting user. This is typically attempted in the form of an email or fraudulent website. 

Do we have your attention?

The Internet has grown into a great tool for making our lives more convenient and because of this we have seen many individuals let their guard down. Think about receiving a phone call where someone asks you for your bank account number.

• Would you release that information freely?
• Would you verify who was calling?
• How might you verify the caller’s identity?
• How much information would you be willing to release?

You probably would not release too much information over the phone, but what if you received an email from your bank asking for the same information. What are some questions you should consider.

• Are you certain this email is from your bank?
• If it asks you to click on a link (or URL) how do you know where it is really taking you?
• Is this normal behavior for your bank?
• Why is my bank asking for this information...shouldn’t they already have it?

In the early days of phishing it was easy to identify the fraudulent emails as many contained grammatical errors and simply looked suspicious. Today it is quite difficult to tell a fraudulent email from a legitimate email so instead we rely on several basic rules.

• Never respond to online requests for personal or financial data.
• Never click on links in an email that are requesting personal or financial data. If you must update an online account, enter the link or URL yourself directly into your browser.
• If you are ever suspicious of an online request, call the company or organization directly and confirm that they made the request.

A free tool that we have found extremely useful is McAfee’s SiteAdvisor. It runs alongside Internet Explorer and evaluates the websites you visit. The application will warn you if a known fraudulent site is visited or if the site you are viewing appears suspicious. Click here for more information.

Where to find more help.

• If you have already given out personal information
• Additional information on protecting your online identity
• Examples of phishing emails and websites
• How to report a phishing email or website
• Technical white paper on Phishing