Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.
Avoid becoming a victim of these scams. Be suspicious of any email with urgent requests for personal financial information.
- Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
- Avoid filling out forms in email messages that ask for personal financial information
- Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
- Remember not all scam sites will try to show the “https://” and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like “http://www.gotyouscammed.com/paypal/login.htm?” Be aware of where you are going.
Consider installing a web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phishing Websites and will alert you. Regularly log into your online accounts.
- Regularly check your financial institution, credit and debit card statements to ensure that all transactions are legitimate
- Ensure that your browser is up to date and security patches applied
- Always report “phishing” or “spoofed” e-mails to the following groups: email@example.com, firstname.lastname@example.org