It’s a scam that generates billions of dollars even when only 5 percent of the darts hit the target, it threatens the integrity of online transactions between customers and e-business houses, it’s a constant cat-and-mouse game between the perpetrators and the security guys hot on their heels – phishing, carding, brand spoofing, web spoofing – call it what you will, there’s no escaping the fact that the threat of this swindle is getting more dangerous by the day.

The offenders have at their disposal an arsenal of weaponry – seemingly innocuous links embedded in emails that redirect to fake sites, pop-up windows that encourage you to enter sensitive information, URL masks that conjure up real Web addresses, and keystroke loggers that are lurking around waiting to capture your user ids and passwords even as you type them. You don’t necessarily have to be tech-savvy to protect yourself from phishing attacks, it’s enough if you keep your wits about you, are a little aware that not all sites on the Internet are the genuine article, and follow one or a combination of the following tips.

1. Never trust strangers: The same rules you were taught as a child come into play here; DO NOT open emails that are from people you don’t know. Set your junk and spam mail filter to deliver only content from those in your address book.

2. Sidestep those links: What happens if your spam filter is fooled into delivering junk mail to your inbox, and you happen to open it? Simple – NEVER click on links embedded in your email.

3. Guard your privacy: Your mouse just happened to move over the link and lo and behold, you’re transported to another website where you’re asked to provide sensitive information like user names, account numbers, password and credit card and social security numbers. Just one word for you – DON’T.

4. Fear Not: More often than not, these phony websites come with threats or warnings that your account is in danger of being deactivated if you don’t confirm your user information, or that the IRS is due to pay you a visit if you don’t comply with what’s written on the page. Just IGNORE them.

5. Pick up the phone and call: If you are in doubt that it just may be a legitimate request, and that your bank is actually asking you to reveal sensitive information online, CALL your customer service representative before you do anything foolhardy.

6. Use the keypad, not the mouse: TYPE in URLs instead of clicking on links to online shopping and banking sites that typically ask for credit card and account numbers.

7. Look for the lock: Valid sites that use encryption to securely transfer sensitive information are characterized by a lock on the bottom right of your browser window, NOT your web page. They also have addresses that begin with https:// rather than the usual http://.

8. Spot the difference: Sometimes, just the presence of the lock alone is proof enough that the site is authentic. To verify its genuineness, double-click the lock to display the site’s security certificate, and CHECK if the name on the certificate and the address bar match. If they don’t you’re on a problem site, so get the hell out of there.

9. Second time right: If you’re worried that you’ve reached a phishing site that’s masquerading as your banking page, sometimes the easiest way to check is to enter a WRONG password. The fake site will accept it, and then you’re usually redirected to a page that says they’re having technical difficulties, so could you please check back later? Your original banking site will not allow you entry.

10. Different is the keyword here: Use DIFFERENT passwords for different sites; I know it’s a tough ask these days when most functions of the brain are being passed on to technology, but this is a good way to prevent phishers from getting at all your sensitive transactions, even if they’ve managed to compromise one.

11. Keep your eyes open: A spam email is littered with grammatical errors, is generally not personalized, and usually has either some link or a suspicious attachment. RECOGNIZE and report them as spam.

12. Familiarity breeds contempt: Not sure that you can spot a phisher’s email when you receive one? Well, take a LOOK at these examples and you’ll know how they’re generally framed. By and by, you’ll learn how to spot the fake ones.

13. Greed doesn’t pay: NEVER be taken in by offers of money for participating in surveys that ask for sensitive information. These are always fraudulent attempts to get hold of your personal details. You may get the $20 that’s promised, but there’s also a high probability that you may find your account cleaned out.

14. No stepping out: Do not leave your computer UNATTENDED when logged into your bank account or when you’ve provided credit card information on a shopping site.

15. Proper exits count: Once you’ve finished your business, LOG OUT properly instead of just closing the browser window, especially if you’re using a public terminal.

16. You can never be too careful: LOG INTO your bank account on a regular basis and keep tabs on your money. You don’t want to wake up one fine day and find that a phisher’s been siphoning off a few hundred dollars every now and then.

17. A little knowledge is not dangerous: Keep yourself up to date with the latest news and informationon phishing.

18. Hard evidence: Be very careful when disposing of old computers and hard disks. Recycled computers have been found to retain confidential information pertaining to Internet banking. Use software to ERASE and over-write data on your hard disk to ensure that it is not recoverable.

Adam Brown,

Technical Advisor

One Response to Protecting yourself online

  1. Pingback: Protecting yourself online (part 2) » SYZYGY MISSIONS SUPPORT NETWORK

Leave a Reply