“Phishing” is a term synonymous with identity theft. It is intended as a variation on “fishing,” in which bait is thrown out in hopes of drawing in vulnerable prey. Commonly, phishing attacks involve simple e-mail messages, disguised to look like they were sent by legitimate businesses, that attempt to direct users to a web site which prompts them to update personal information, including Social Security numbers, credit card numbers, bank account numbers, etc.
Can you tell the difference between spam and legitimate e-mails? If not, you’re not alone. Phishing scams are becoming increasingly sophisticated and thus more difficult to detect. However, there are some tell-tale signs of phishing e-mails that should always raise a red flag for you:
- Greetings: “Dear Sir,” “Dear Madam,” and “Dear User” all have one thing in common: they fail to address you by first or last name. Legitimate companies will almost always greet you with a proper salutation, generally using customer names or usernames, and will only include partial account numbers in the e-mail message.
- From: The “From” address can be manipulated to look just like a legitimate corporate e-mail address, so it should only be one of the factors used to determine whether or not to trust an e-mail.
- Links: As a rule of thumb, you should avoid clicking on links that ask you to enter any kind of personal information. It’s also wise to check whether subdomains, letters or numbers precede the company name, or whether the words in the links are misspelled.
- Attachments: It’s never a good idea to open unexpected e-mail attachments. Be extra cautious if the attachment is a .exe file, as that’s where scammers tend to hide malware and viruses, set to execute when the attachment is opened.
- Job seekers beware: Watch for phishers posing as potential employers who request any kind of personal information, or who instruct you to provide bank account numbers while promising to front you money for your services.
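The link checks from the list above (a company name used as a subdomain of another site, letters or numbers placed in front of it, and misspellings) can be written out as a short Python sketch. This is an added example, not part of the original article; `example-bank.com`, `check_link` and the sample links are constructed for illustration, and the code assumes the registered domain is the last two labels of the host name.

```python
from urllib.parse import urlsplit

# Assumption: the domain you really do business with. "example-bank.com"
# is a constructed placeholder, not a real organisation.
TRUSTED_DOMAIN = "example-bank.com"

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return the reasons a link looks suspicious; an empty list means no flags."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return []  # the trusted domain itself or one of its own subdomains
    brand = trusted.split(".")[0]
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain.
    name = labels[-2] if len(labels) >= 2 else host
    reasons = []
    if any(brand in label for label in labels[:-2]):
        reasons.append("company name used as a subdomain of another site")
    if name != brand and name.endswith(brand):
        reasons.append("letters or numbers precede the company name")
    elif name != brand and edit_distance(name, brand) <= 2:
        reasons.append("misspelled company name")
    return reasons or ["does not point to " + trusted]

# Constructed sample links for illustration only.
SAMPLES = [
    "https://www.example-bank.com/login",
    "http://example-bank.com.account-update.test/login",
    "http://secure7example-bank.com/verify",
    "http://examp1e-bank.com/verify",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no flags")
```

The comparison is made on the parsed host name rather than on the whole link text, because the company name can appear anywhere in a link without the link belonging to that company.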
If you think you might have been a victim of a phishing attack, or if you are suspicious about an e-mail that was sent to you, you can report it to the United States Computer Emergency Readiness Team: firstname.lastname@example.org.
Methods of Reporting Phishing Email to US-CERT
- In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Address the message to email@example.com and send it.
- In Outlook Express, you can also open the email message and select File > Properties > Details. The email headers will appear. You can copy these as you normally copy text and include them in a new message to firstname.lastname@example.org.
- If you cannot forward the email message, at a minimum, please send the URL of the phishing web site.
For additional information about phishing and other cyber security issues, the United States Computer Emergency Readiness Team website has a lot of helpful information.