Phishing

Long ago, identity thieves had a harder time of it. They had to actually steal something like your wallet to get your information. A sophisticated identity thief in the 21st century will try phishing. That’s phishing, not fishing, but the victims are caught on a hook just as surely as if they were a hapless fish in the lake. Yet, if the fish knew what lay beyond the juicy worm on the hook, they wouldn’t get caught either. To avoid phishing, you need to be informed.

Phishing is defined as the act of sending an email that impersonates a legitimate company or organization. The email address is often very close to the real corporate email, except for a few minor URL differences. In this email, the sender falsely claims to be representing an established, legitimate organization. Posing as the legitimate company, the email directs the user to a website where he will be asked to immediately “update” or “verify” personal information. The user is usually told there is a problem with his account, or warned of possible account fraud. He might be asked to provide credit card, Social Security or bank account numbers that the real organization already maintains. Though the website might be set up to look just like the real thing, it is in fact bogus. Before he knows it, his identity is stolen.

You don’t have to be a computer programmer to avoid phishing. You just have to use your common sense and stay up to date. Here are just a few tips:

– Treat any unsolicited email requesting personal or financial information as guilty until proven innocent. Most major companies will not ask for sensitive information in an email. Don’t reply or click on the link. If you have reason to believe it is legitimate, contact the organization itself via phone or a website that you know is real. Don’t use the phone number provided in the email.

– Don’t enter a website via an email link, rather type the address in the address bar.

– Use different passwords on different websites. If you believe you might not be on the actual site, try typing in a fake ID and password. The real site wouldn’t let you through, the phishing site will.

– Review your account statements frequently.

– Make sure to read the privacy policy of any website before giving them your information and check that they have secure data encryption. What to look for is a closed lock on the bottom right of the browser window, not the web page. Double clicking on the lock will reveal the company’s security certificate. The name on the address bar and the certificate should match. If they don’t, you know the page is a fraud. Your other clue is the “https://” in the URL instead of the common “http://.” The “s” stands for secure.

– Maintain up-to-date antivirus, anti-spyware and firewall protection software. Some software comes with anti-phishing protection that can determine whether a website is legitimate.

– Block pop-ups.

You can never be too careful.