This is a guest post by Joe Schembri.
The Internet has made ecommerce, banking, and other financial transactions easy and convenient, which has attracted millions of users worldwide to the Web to manage bank accounts, monitor credit card statements, and purchase goods and services.
Unfortunately, it has also attracted thieves who exploit the trust of average consumers by tricking them into revealing user names and passwords, account numbers, and other financially sensitive data.
Phishing is one of the techniques criminals use to acquire this information. Phishing most often takes the form of electronic communication, such as email, but can also be present in instant messaging and other communications.
These communications are carefully disguised to look like they come from common websites, auction sites, banking institutions, and online payment processing sites.
They often use a related technique called email spoofing, which masks the real email address and makes it appear that the email comes from a legitimate website or business.
Phishing scams often begin by alerting the recipient to a fictional breach in their account and asking them to reply to the email with specific account information. Other phishing scams include a link in the email.
Once an unsuspecting recipient clicks on the link, they are directed to a phony website that is designed to look and function almost exactly like the real site.
Once on the phony site, users may enter login details or other sensitive information, which the site captures and uses to defraud them. Some phishing messages also install malicious programs or viruses on the user’s machine when the user clicks a link in the message.
Signs to Look For
Consumers should examine all incoming email from any sites or institutions that they have accounts with or have conducted business with. Phishing emails often ask the recipient to complete a specific action, such as submitting a payment, verifying a credit card number, account information, or social security number, or revealing user names and passwords.
Less sophisticated phishing scams may use web-based email, such as Gmail or Yahoo!, to generate an email address that looks like it comes from a reputable source, such as YourBankName@gmail.com.
This should be an instant red flag, as nearly every company that conducts secure web transactions will use email addresses from its own domain. Legitimate email addresses usually have the company name in the “at” section, that is, the domain after the @ sign, such as CustomerService@YourBankName.com.
Even if the email appears to come from a legitimate email address, due to fraud and security issues, most reputable companies will never request users to send any sensitive information via email.
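The sender check described above can be sketched as a small Python filter. This is an added illustration, not part of the original post; the brand table, the free-webmail list, and the sample headers are constructed assumptions built around the article's YourBankName placeholder.

```python
from email.utils import parseaddr

# Assumption: short illustrative list of free webmail domains; extend for real use.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Assumption: brands you hold accounts with, mapped to the domain each mails from.
# "yourbankname" is the article's placeholder, not a real institution.
KNOWN_BRANDS = {"yourbankname": "yourbankname.com"}


def _squash(text):
    """Lowercase and keep only letters and digits, so 'Your Bank-Name' still matches."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def _owns(domain, real_domain):
    return domain == real_domain or domain.endswith("." + real_domain)


def classify_sender(from_header):
    """Return (verdict, reason) for the value of one From: header."""
    display, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        return "unparsable", "no sender address found"
    claimed = _squash(display) + " " + _squash(local)
    for brand, real_domain in KNOWN_BRANDS.items():
        if brand in claimed and not _owns(domain, real_domain):
            kind = "free webmail" if domain in FREE_WEBMAIL else "unrelated domain"
            return "suspicious", f"names {brand} but sent from {kind} {domain}"
    if any(_owns(domain, real) for real in KNOWN_BRANDS.values()):
        # From: can be spoofed, so a matching domain is not proof of legitimacy.
        return "domain-matches", f"sent from known domain {domain}"
    return "unknown", "no known brand named in sender"


# Constructed sample headers for demonstration only.
SAMPLES = [
    "YourBankName@gmail.com",
    "CustomerService@YourBankName.com",
    '"Your Bank Name Support" <help@yourbankname-alerts.example>',
    "friend@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "domain-matches" result only means the visible address is consistent with the brand; because of spoofing, a request for sensitive information is still suspect regardless of the verdict.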
What to Do If You Suspect Phishing
Any email that asks the recipient to share financially sensitive or personal information is suspect, regardless of the originating email address. Recipients should refrain from clicking on any links in the email and should immediately delete the suspicious message.
Recipients should also alert the website or company that the suspicious email supposedly came from so that they can take appropriate steps to protect their customers.
If you’re not sure whether a message is genuine, contact the institution directly by visiting its website (not the link in the email) or calling the phone number on your statement or the back of your bank card. By taking these simple precautions, you can protect yourself from phishing-related fraud.
About the Author: These security tips were provided by Joe Schembri with Villanova University’s CISSP certification prep courses. In addition to training courses, Villanova also offers articles about different strategies and jobs.