Protect your Identity from Phishing Attacks
I'm sure you've all heard of Identity Theft and, more recently, Phishing, but do you really understand what they are and how they can affect you? Maybe this will help.
Let's start with the basics.
This is information that allows an organization to identify you, as you. You know that when you contact the bank, your insurance company or just about anyone that has personal information about you, you are required to prove your identity.
This process of proof generally comprises you being able to supply your Name; Date of Birth; and Address.
On Websites, the proof of identity is typically easier, requiring you to know your USER ID and Password.
Forget your Password or UserId?
I do all the time! In this day and age, I have to keep 10s of user ids and passwords and I don't mind admitting that I forget one or two of them from time to time.
For most sites, this isn't an issue. I simply request a password reminder and it is provided to my registered email address.
My logins to Financial Institutions are not that easy to retrieve. I'm required to contact the Call Centre, prove my identity and then the Bank will reset my password. eBay and PayPal have a similar process, conducted online.
So what happens when someone else can provide this information?
They could well gain access to my personal and private information, or even my financial information.
Rest assured! Most organizations have a multi-layered system, and posing as someone else is becoming increasingly difficult - but that doesn't mean people won't try.
How do these people get this information?
Phishing (pronounced Fishing) is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
Have you ever received an email requesting that you visit a familiar website and update your personal information? I can almost guarantee that, if you are online and have an email address, you have received at least one email telling you that you need to confirm your online banking details!
When you visit the website, it needs you to verify or update your passwords, credit card numbers, social security number, or even your bank account number. You recognize the business name as one that you've conducted business with in the past. So, you click on the convenient "take me there" link in the email and proceed to provide all the information they have requested.
Unfortunately, you find out much later that the website is bogus. It was created with the sole intent to steal your personal information. You have just been "phished".
"Phishers" will then use this information to gain access to your personal accounts, using the forgotten password type scenario, to exploit them.
Can you identify a "Phishing" attempt and how can you protect yourself?
Firstly, it is not always easy to identify a "phishing" attempt.
If you are "phished" - don't beat yourself up too much, it can happen easily.
Let's examine Email "Phishing":
"Phishing" emails are incredibly professional and, when placed side by side with an email from the legitimate organization, look 100% identical. That's because these guys actually use the graphics etc. from the real organization's webpage.
It is very easy to set the "From" address in an email to be something else, not the email address it is really sent from.
E.g., my sending email address may really be firstname.lastname@example.org; however, I can easily configure my email client to show the sending address as email@example.com.
When you receive the email from me, you could not tell by the "From" address that it was sent from me.
The clickable link within the email also appears to take you to the correct site, when in fact it takes you to a fraudulent site. In a lot of cases, the fraudulent site will also download some "malware" to your computer which generally monitors your web usage and, in some cases, logs keystrokes and sends them back to the "phishers". Keystroke "malware" is dangerous - it can monitor passwords and user IDs and leave you open for even more exploitation.
Many of these people are professional criminals. They have spent a lot of time in creating emails that look authentic. Users need to review all emails requesting personal information carefully.
When reviewing your email remember that the "From Field" can be easily changed by the sender. While it may look like it is coming from an address that you do business with, looks can be deceiving.
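The two checks described above, as an added example that is not part of the original article: it compares the displayed "From" domain with the Return-Path recorded at delivery, and flags links whose visible text names one host while the underlying address points to another. The message, names and domains are constructed, and a From/Return-Path difference is a reason to look closer rather than proof, since legitimate bulk senders can differ too.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank" <security@bank.example.com>
Subject: Please confirm your online banking details

<p><a href="http://login.example.org/update">https://www.bank.example.com/login</a>
<a href="https://www.bank.example.com/help">Help</a></p>
"""

def domain_of(address):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def from_mismatch(msg):
    """True when the displayed From domain differs from the Return-Path domain."""
    shown, envelope = domain_of(msg["From"] or ""), domain_of(msg["Return-Path"] or "")
    return bool(shown and envelope and shown != envelope)

class LinkAudit(HTMLParser):
    """Collect links whose visible text is a URL on a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.suspicious = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = urlparse(self.text.strip()).hostname  # None unless text is a full URL
            actual = urlparse(self.href).hostname
            if shown and actual and shown != actual:
                self.suspicious.append((self.text.strip(), self.href))
            self.href = None

def analyze(raw):
    """Parse a raw message; return (From mismatch?, list of (shown text, real href))."""
    msg = email.message_from_string(raw)
    audit = LinkAudit()
    audit.feed(msg.get_payload())
    return from_mismatch(msg), audit.suspicious
```

Calling `analyze(SAMPLE)` reports the mismatched sender and the one link whose text and destination disagree; the "Help" link is ignored because its text is not a URL.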
So what can you do? Here are some guidelines to follow when you receive an email requesting information:
1. NEVER click on the links within the email. If necessary, write the address provided down and manually enter it in your browser window.
2. If necessary, contact the organization directly and ask if they requested that information.
3. Check the organization's security policy online. This will define how information will be requested, etc.
4. Make sure your AntiSpyware software is up to date.
5. If in doubt, DO NOTHING with the Email.
What about Phone "Phishing"?
With phone calls, you should always ask the caller to identify themselves. Ask them to provide the Company Name; and their name or an operator number. If you are concerned, ask for a phone number that you can call them back on.
Find the organization they say they are representing in the phone book and contact them directly. Ask if they are conducting a campaign.
On a final note, I really object to being contacted by an organization and then being asked to provide personal information, so they can confirm that they are speaking to the right person. What about my right to determine they are who they say they are? After all, they've called my phone number.....
Unfortunately, there appears to be no process for the authentication to be two way. I generally request a Reference ID and a return contact number. I then confirm the return contact number against the details that I maintain and call them back.
If they are unwilling to provide this type of information, I request they put their concern or offer in writing to me. If they are who they say they are, they will have my mailing address.
In conclusion, Identity Theft is a real thing. "Phishing" is a common means of gaining someone's personal information in order to masquerade as that person - generally for exploitation.
I have written a "Pocket Guide to Protecting Your Computer". You may gain a copy of this guide at PC Security at Arvoreen Treasures.
About the author:
Charly is a qualified "tech", holding an Associate Diploma in Electronics Engineering. Her experience with Personal Computers ranges from building computers to providing 2nd level user support.
This article first defines what spam email is and then explains how to control spam e-mail on your PC.
Spam e-mail is also known as bulk or junk e-mail and is unsolicited, unwanted, irrelevant, or inappropriate emails, especially commercial advertising emails sent in very large quantities i.e. thousands or millions of the same email.
If you receive spam email, it usually indicates that you have supplied your email address to someone who may have then sold it on to some other group. You may also receive spam email simply because the sender generated likely email addresses.
Some basic steps to avoid receiving spam emails are:
Another tip is to set up an extra email address that you will be happy to drop if you start receiving spam emails at that address. You then use your main email address for friends, family and business, and the extra one for everything else, such as registering with websites. In this way your main email address is less likely to get spam emails, and you can always replace the extra one with a new email address.
If you are receiving spam emails and wish to keep your current email address, then you will need to scan your incoming emails with some spam control software.
Such spam control software must be easy to install and must then detect and quarantine any spam emails. The spam detection techniques must give a low rate of false positives, i.e. they should rarely detect a valid email as spam.
Usually the detected spam emails are placed in a spam email folder within your email program such as Outlook. You can then look at the list of emails in this folder just to check that none look like valid emails (remembering item 3 above). The spam control software should then allow you to delete all the spam emails in that folder.