What are phishing attempts and how to avoid them

November 23, 2009, Category: Internet, Security

“During inspection of our records, we could not verify information relating to your account. Please click here to verify and update your account information.”

“Our bank has installed a new security system. Please update your account information immediately in accordance with the requirements of our new system or else you won’t be able to access your account.”

“We’re in the process of upgrading our website. As our esteemed customer, you’re requested please to confirm your account details immediately to enable us to sort out active accounts and inactive accounts separately. Please note that we’ll be deleting all the inactive accounts for which we don’t receive confirmation from the customers concerned within a period of seven days.”

You might have received email messages of this type, purportedly from your bank, from a website where you shop online, or from another organization where you maintain an online account. This is basically a type of “phishing” attack. Millions of such email messages are sent to various people every year. They are sent by fraudsters in the name of reputed organizations such as a bank, with the intention of collecting your personal information such as your passwords, bank account information, credit card numbers, Social Security number, or other important information. The contents of the messages may vary, but the intention is always to make you share your important information with the senders. They may ask you to click a link provided in the e-mail message, which purports to take you to the real site of your bank etc., but which may in fact take you to a fraudulent site operated by the fraudsters. That site will look just like your regular bank’s website or the website of the organization for which you are being asked to provide your sensitive account information.

The phishers will thus send you an e-mail or pop-up message that appears to be from a company or organization with which you have dealings, for example a bank, credit card company, Internet Service Provider (ISP), your e-mail service provider, etc. Such messages may ask you to confirm, validate, update, or renew your account information. The message may also list the consequences that you may have to face in case you don’t respond to it. The message will ask you to click on a link that takes you to a website which may look just like a legitimate organization’s website, but which is in fact a bogus site created with the objective of tricking you into divulging your important personal information relating to your account maintained with that organization. Such personal information can then be used by the fraudsters to withdraw money from your account, or to commit some other crime by stealing your identity. This is how a phishing attack will generally work in practice.

How to avoid phishing attempts?

Every year, a large number of people become victims of such phishing attempts. You should always be careful when such a phishing attack is targeted at you. It is possible to avoid such phishing attacks by taking some simple precautions, some of which are mentioned below:

(1) Be careful while responding to such emails that ask for your personal sensitive information:

Please remember that most genuine and legitimate organizations will never ask you for your sensitive personal information by email. Don’t click on links provided in emails that ask for your sensitive personal information.

(2) Don’t send sensitive information by email:

Email communication is generally not secure for sending your sensitive information, even if you’re sending it to a genuine recipient. An email passes through a large number of intermediary servers and can be intercepted and read on its way to the recipient. This is the case even when you send information to a genuine email address; naturally, it is much more risky to respond to a phishing email by sending your personal information by email.

(3) Go to the site directly if you feel that the e-mail may be from a legitimate source:

If you’ve received an email asking for your personal information and you feel that it could be from a legitimate source, even then, instead of clicking on a link provided in the email, open a new browser window and go to the organization’s regular website by typing the web address of the organization. While doing so, do not copy the address from the link provided in the email; rather, type the correct web address of the organization’s website directly, as you normally do. This way, you’ll be dealing directly with the organization’s genuine website and not the bogus website of the phishers. If any information is actually required by the organization, it may be mentioned on its regular website. If needed, you can also directly contact persons holding responsible positions in the organization by telephone or by a separate email at the email address shown on their genuine website.

(4) Verify the phone numbers:

Sometimes the fraudsters may ask you to call a phone number to update your account information. However, the area code and the phone number provided in the email could be misleading and may redirect you to some unknown numbers. Instead of using the phone numbers given in the email, try to find out the correct phone numbers from the organization itself, from its genuine website, or maybe from your own records, in which you may find some old communication with that organization. Try to contact the organization through such genuine phone numbers, and not through the phone numbers provided in the e-mail, if it is asking you to confirm your sensitive information.

(5) Check whether the website asking you to enter your sensitive information is genuine or suspicious:

If you’re visiting a website which is asking you to enter your sensitive personal information, irrespective of how you reached this website – whether through the link provided in the e-mail or otherwise – check the website closely to find out whether it is the genuine website of the organization or a bogus one. Confirm that the URL of the website is actually a part of that organization’s genuine website; if needed, check the site map of the genuine website. Sometimes, the bogus website may have a web address similar to that of the genuine website, but not exactly the same. There may be one or two extra characters, or one or two fewer characters, in the web address of the bogus website. If you’re on the login page of the website, check whether it is a secure page starting with “HTTPS”.
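The address check in precaution (5), as an added example that is not part of the original article: it flags a host that differs from a known-good domain by one or two characters and reports whether a genuine page is served over HTTPS. The domains in TRUSTED_DOMAINS and the sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the sites you actually hold accounts with.
TRUSTED_DOMAINS = ("mybank.example", "shop.example")

def edit_distance(a, b):
    """Levenshtein distance: number of extra, missing or changed characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # a has an extra character
                           cur[j - 1] + 1,             # a is missing a character
                           prev[j - 1] + (ca != cb)))  # character changed (or same)
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED_DOMAINS, max_typos=2):
    """Return (verdict, trusted_domain_or_None) for a link or address-bar URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("no-host", None)
    for domain in trusted:
        # Genuine: the host is the trusted domain itself or a subdomain of it.
        if host == domain or host.endswith("." + domain):
            verdict = "genuine" if parts.scheme == "https" else "genuine-not-https"
            return (verdict, domain)
    labels = host.split(".")
    for domain in trusted:
        # Compare the same number of trailing labels, so a "www." prefix is ignored.
        tail = ".".join(labels[-(domain.count(".") + 1):])
        if 0 < edit_distance(tail, domain) <= max_typos:
            return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("https://www.mybank.example/login",
                   "http://mybank.example/login",
                   "https://www.mybannk.example/login",
                   "https://mybnk.example/update",
                   "https://weather.example/"):
        print(sample, "->", check_url(sample))
```

HTTPS by itself only shows that the connection is encrypted, and a bogus site can use it too, so the domain match is what decides the "genuine" verdict.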

(6) Use updated anti-virus & anti-spyware software and firewall, etc.:

Use good anti-virus and anti-spyware software as well as a firewall, and regularly update them. This will be useful since phishing emails may contain viruses / spyware / malware programs that can harm your computer or stealthily track your activities on the Internet.

(7) Scrutinize bank statements and credit card statements:

You should regularly check and verify your bank statements and credit card statements, to find out whether there are some unauthorized charges. This is all the more necessary if you feel that you’ve likely become a victim of a phishing attempt; in fact, in such a case, you should immediately inform the concerned authorities of the bank, credit card company or other concerned organization.

(8) Don’t get allured by “fantastic prizes” or “fabulous offers”:

Most of the fabulous prizes or fantastic offers that you come across while browsing the Internet or in email messages are likely to be phishing attempts to collect your personal information by luring you with such great offers. Be cautious and don’t fall prey to such offers. In any case, be suspicious if you’re asked to share your sensitive personal information like your bank account details, credit card number or passwords, etc.

(9) Be careful when opening email attachments or downloading files from emails:

Always be cautious while opening email attachments or downloading files attached to emails, even if the email appears to be from a known person or known organization. These files may contain viruses, malware, spyware, etc., that may harm your computer or may steal your information.

(10) Use a browser that has a phishing filter:

Always use the latest versions of the browsers and enable the phishing filters. The latest versions of all popular browsers such as Firefox, Chrome, Internet Explorer, and Opera include phishing filters to caution you about potential phishing attacks.

(11) Forward phishing attempt information to concerned organizations:

If you feel that you’ve received an email that contains a phishing attempt, immediately inform the concerned authorities such as the bank or other organization that has been impersonated in the phishing email. You can check on their websites where to report such phishing attempts. You can also provide the phishing attempt information to spam@uce.gov for necessary action. Giving timely information to such organizations can help prevent similar attempts against other customers / users of the same organization. You should provide such information immediately even if it was a mere phishing attempt and even if you did not respond to the phishing mail, since other people may become victims of the same fraud and need to be alerted in advance.

(12) Contact the organization and concerned authorities immediately if you’ve actually become a victim of a phishing attack:

If you feel that you’ve actually become a victim of a phishing attack and have revealed your sensitive personal information to phishers in response to a spam email, immediately contact the concerned authority or organization, such as the bank, credit card company, etc., to take preventive action, and if needed to block your account. Such information may also help them to alert their other customers. You can also file a complaint at the website of the Federal Trade Commission (ftc.gov) in the U.S. or similar Government organizations in your respective country that look after such online fraud cases.

These simple precautions can go a long way to help you in avoiding phishing attempts. Moreover, whenever in doubt, use your common sense. Always contact the organization concerned before parting with any sensitive information.


Copyright (c) 2009 Tech Superb. Contact: info AT techsuperb DOT com