How to Prevent Phishing Attacks
Protect Personal Data When Browsing the Internet or Using Email
Nov 30, 2008
Many people find the Internet indispensible for doing online transactions that range from banking to paying bills. This requires that personal information like credit card or social security numbers be exchanged with trusted web-sites.
Password Privacy
Some web-sites get individuals to give up this information by pretending to represent a trusted institution. Imagine someone getting an email that looks like it came from their bank asking them to verify their online password. A web-site someone connects to promises a free prize, but asks for bank information to verify who they are. Someone installs a free program on their computer but does not realize that it send personal data over the Internet.
Phishing attacks are becoming very inventive and pervasive. The Anti-Phishing Working Group is one organization that gathers statistics on this problem. Despite growing awareness of this problem, they report that attacks and software designed to perform these attacks rose significantly at the beginning of 2008. A small percentage of Internet users admit being scammed by these methods, but the billions of dollars lost eventually affect everyone.
When someone is affected by such an attack, recovering from it can take months or years depending on how quickly it is detected. The best approach is prevention. Here are a few simple suggestions that can help to do that:
Trust No Email or Web-Site
Creating an email message that looks like it came from a credit card company and even including their logo is not a difficult thing for hackers to do. Some of these can be detected easily with a little detective work, but why take the chance?
An email message that says that verifying personal data or doing a password change is necessary is probably fraudulent. But this can be confirmed by calling the bank or going to their web-site by typing the URL. Never use the links in the email message.
When connecting to a web-site, verify that the connection is encrypted by making sure the URL is https:// and not http. If unsure, verify the URL by calling the institution with a verified phone number.
Anti-Phishing Software
Some of the newer web browsers like Internet Explorer 7 or Firefox 3 have built-in software that can detect and warn against phishing links. Make sure the browser options are properly configured to enable these options. For more protection, an anti-phishing toolbar in the browser might be considered. Some of them can check online lists of web-sites with known problems.
Some Internet security software packages also include anti-phishing software. The vendor that someone already trusts for their anti-virus software will probably carry a product for phishing as well. As with anti-virus products, the software is practically useless unless regular Internet updates are done.
Education
As discussed earlier, Internet fraud in the form of phishing and other attacks is growing more widespread. Know how to recognize these attacks in the form of fraudulent emails and web-sites is invaluable. Reporting them can also prevent others from being duped. A good place to start is the Anti-Phishing Working Group which has recommendations and suggestions that will help. They can also recommend vendor software and services that will help.
Besides taking measures to prevent phishing attacks, it is also a good idea to monitor credit changes as well. An ounce of prevention is always good, but being able to respond quickly to credit card fraud can reduce the severity of the problem.
