The number of sophisticated phishing scams sent to consumers is continuing to increase dramatically. While online banking and ecommerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet.
The Anti-Phishing Working Group (APWG, www.antiphising.org) has compiled a list of recommendations to avoid becoming a victim of these scams.
- Be suspicious of any email with urgent requests for personal financial information. Phishers typically include upsetting and false statements in their emails to get people to react immediately. They also ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
- Don't use the links or attachments in an email, instant message or chat to access any Web page. If you suspect the message might not be authentic call the company or log onto the website directly by typing it into your browser.
- Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.
Phishers are now able to:
- Replicate the "https://" normally seen on a secure Web server and a legitimate-looking address. Make it a habit to enter the address of any banking, shopping, auction or financial transaction website yourself and not depend on displayed links.
- Forge the yellow lock seen near the bottom of the screen on a secure site. The lock has been considered a "safe" indicator and when double-clicked, displays the security certificate for the site. Do not continue if you receive warning displays that the address of the site you have displayed does NOT match the certificate.
- Get in the habit of looking at the address line to make sure you have the right website. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm?"
- Be aware of where you are going.
- Consider installing a Web browser tool bar to help protect you from known fraudulent Web sites. These toolbars match where you are going with lists of known phisher websites and will provide alerts.
- Regularly log into all online accounts. Don’t leave it for as long as a month before you check each account.
- Ensure that your browser is up-to-date and security patches are applied.