Re: Email Phishing Alert!
03-29-2010 08:06:42 AM
How to Protect Against Phishing:
- Log Directly Into the Service. If you receive a link from a financial institution, a service provider such as AT&T, or a processor like PayPal, type the website directly into your address bar.
Note: For example for AT&T you would use http://www.att.com/ instead of clicking on the link in the e-mail. However this is not absolute protection because some phishers and spyware writers are modifying the HOSTS file on your PC. The best precaution is to call the company on the telephone to verify the e-mail.
- Beware of Generic Greetings. E-mails from a bank or online retailer should be able to address you by your first and last name since you are an account holder. Phishing e-mails frequently use "Dear User" or "Dear Member".
- Don’t Open Email Attachments. No reputable company will ever send an e-mail asking you to download an attachment or a software program (unless you specifically request it). The attachments contained in phishing e-mails usually contain viruses that may harm your computer or attempt to compromise your account through spyware.
- Be Skeptical of Personal Information Requests. While it is possible for your banking institution to ask for this information it is never advisable to send it via e-mail or to answer such a request via e-mail. A sure-fire tip that criminals are phishing is the request for details such as your full name, account password, credit card number, bank account, PIN number, Social Security Number, or even your mother's maiden name. These are major red flags that the e-mail is not genuine and is only designed to extract information from the target.
- Avoid E-mail Forms. Some phishing attacks will come in the form of Rich HTML that usually has a form where you can input the information directly into the e-mail. Never do this. Always surf directly to the site by manually entering in the web address.
- Keep Tabs on Your Accounts. It is also wise to regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. The longer you go without checking, the more damage a thief can do. You may also want to look at credit and bank monitoring services that will watch this activity for you. If anything is suspicious, contact your bank and all card issuers immediately to double check the transactions.
Note: Be aware that many spyware programs can be installed via e-mail and once on your system the spyware will make it completely open to attackers who are able to intercept not only your surfing history, but keystrokes.