Monday, April 14, 2008

Phishing

What Is Phishing? It’s pronounced Fishing, and while I don’t know for sure, I’d say it was called that after the sport of the same name. But what is it?

Microsoft defines Phishing as: a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.

You’ve probably heard the saying that someone (a sucker) took a line or deal “hook, line and sinker”. That’s the “hope” behind this type of scheme.
What the perpetrator does (phishing is a criminal activity) is design a web page that closely mimics a real web page.

Here is a real example of a phishing email: (the hyperlink has been replaced by underlined text for security reasons)


After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here.
Regards, Internal Revenue Service


If you were to click the hyperlink, it would take you to a page that looked very much like the real Internal Revenue Service’s web page. On that page, there would probably be a box for your Social Security number (it is “supposed” to be the IRS’ web site) and probably a box for your bank account number so that your refund can be sent to you via direct deposit. The page might even ask for your PIN number, to further validate your bank account or expedite your refund. Presto, the crook has all the info necessary to clean out your bank account.

One way you can tell if a web site is a phishing site is to look at the address bar of your browser. In the case above, it would probably show a number, something like 218.68.122.48. (That number is an IP [Internet Protocol] address.) “Good” web sites should have the name and not a number in the address bar. The address also might be http://www.irss.gov/ or something CLOSE to the real name, but “misspelled”.

If you do go to a site that “deals” or “handles” money (such as online ordering or online banking) there should be a lock in the lower right hand corner, and the web site page should start with https, not http. (The S in https stands for Secure.)
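The address-bar checks described above (a number instead of a name, a name that is close but “misspelled”, and http instead of https), written as a small Python function. This is an added example, not part of the original post; the list of expected domains, the similarity threshold and the warning labels are assumptions made for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the sites the reader really deals with (constructed list).
EXPECTED_DOMAINS = ["irs.gov", "ftc.gov"]


def registered_domain(host):
    """Last two labels of the host name (naive: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def check_url(url, expected=EXPECTED_DOMAINS, threshold=0.8):
    """Return a list of warnings for the address-bar signs the post describes."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    # Sign 1: pages that handle money should start with https, not http.
    if parts.scheme != "https":
        warnings.append("not-https")

    # Sign 2: a number (IP address) in the address bar instead of a name.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
        return warnings
    except ValueError:
        pass  # host is a name, keep checking

    # Sign 3: a name that is CLOSE to an expected one, but "misspelled".
    domain = registered_domain(host)
    if domain in expected:
        return warnings
    for good in expected:
        # Assumption: a ratio of 0.8 or more counts as "close".
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            warnings.append("lookalike:" + good)
    return warnings


if __name__ == "__main__":
    # The two addresses from the post, plus a constructed good address.
    for url in ("http://218.68.122.48/", "http://www.irss.gov/",
                "https://www.irs.gov/refunds"):
        print(url, check_url(url))
```

An empty list only means none of these three signs was found; it does not prove the site is genuine.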

How can you protect yourself, your data, and your money?
First, do not click on any links that come in an email from “your” bank or any financial institution. For that matter, it’s good not to click on any links in any emails. If any organization, business or whatever sends you an email that has something about financial matters in it, it’s probably a phishing email.
Second, if you do get an email that looks like it came from a financial institution suggesting that you click on a link, instead of clicking on the link or copying a link into your browser, go to the financial institution’s web site directly from your browser.
Third, install Internet Explorer 7 if you use Internet Explorer or Firefox 2 if you use Firefox (Mozilla).

Fourth, if you receive a phishing email, forward it to the US Treasury Department at 419.fcd@usss.treas.gov and to the Federal Trade Commission at spam@uce.gov as well as to your ISP (Internet Service Provider).
