Phishing

What is phishing?

Phishing is a deceptive activity where a criminal attempts to obtain personal data, financial data or passwords from an unsuspecting user. This is typically attempted in the form of an email or fraudulent website.

Do we have your attention?

The Internet has grown into a great tool for making our lives more convenient and because of this we have seen many individuals let their guard down. Think about receiving a phone call where someone asks you for your bank account number.

  • Would you release that information freely?
  • Would you verify who was calling?
  • How might you verify the caller’s identity?
  • How much information would you be willing to release?

You probably would not release too much information over the phone, but what if you received an email from your bank asking for the same information. What are some questions you should consider.

  • Are you certain this email is from your bank?
  • If it asks you to click on a link (or URL) how do you know where it is really taking you?
  • Is this normal behavior for your bank?
  • Why is my bank asking for this information…shouldn’t they already have it?

In the early days of phishing it was easy to identify the fraudulent emails as many contained grammatical errors and simply looked suspicious. Today it is quite difficult to tell a fraudulent email from a legitimate email so instead we rely on several basic rules.

  • Never respond to online requests for personal or financial data.
  • Never click on links in an email that are requesting personal or financial data. If you must update an online account, enter the link or URL yourself directly into your browser.
  • If you are ever suspicious of an online request, call the company or organization directly and confirm that they made the request.

A free tool that we have found extremely useful is Norton Safe Web by Symantec. It runs alongside Internet Explorer or Firefox and evaluates websites as you search for them via Google, Yahoo or Bing. The application will warn you if any of the search results show sites that are known to be malicious.