Phishing is defined by Webopedia (an online Internet dictionary) as “brand spoofing” – a variation on fishing, where the bait (a fake e-mail message) is thrown out with the hopes that while most will ignore the bait, some will be tempted to bite.The Phishers’ (people sending the phishing e-mail messages) goal is to lure as many people as possible into believing the e-mail is legitimate, ultimately separating the people from their money. They accomplish this by tricking people into revealing sensitive information including social security numbers, account numbers and birth dates, all in an effort to steal money or purchase goods illegally using the phished information.Phishers go to great lengths to make their fake e-mails and Web sites look official, from borrowing company logos and duplicating Web site graphics to matching company colors and a Web site’s look and feel, all in an effort to make everything appear genuine. The more sophisticated phishing schemes are very hard to distinguish from real e-mail correspondence and Web sites used by legitimate companies. To protect yourself, you must know what phishing is, how it works and read every e-mail with a skeptical eye. To educate yourself, consider joining an anti-phishing newsletter like the one at http://www.antiphising.org/membership.html.To help reduce your chances of being snagged by a phishing lure, always remember, legitimate businesses will never request your personal information through an unprotected email. If you have an account with them, they already know this information and won’t ask for it through e-mail. With this in mind, read each e-mail that requests personal information as a potential fraud and look for these key fraud indicators:Do you have an account with the company sending you the email? If you are not associated with the company, it is likely a mass-mailed phishing e-mail. Delete it.The e-mail does not address you personally. The message could be a fraud since they don’t know who you are by name.The e-mail warns that your account will be closed or suspended if you don’t act now or it says that you may be a victim of fraud. These are scare tactics to get you to click on a link to their fake Web site. A legitimate business won’t close your account because you don’t respond to an e-mail. They have more official ways to communicate with you – suspect this e-mail as fraud.The e-mail is filled with misspellings and grammatical errors. Many phishing e-mails come from foreign countries and are often translated poorly into English. If a message has blatant errors, it is probably a fake.The links are suspicious. With the e-mail message open, hover your mouse over the links (but don’t click on them). A status bar will appear showing the link address. Look for bogus addresses. Links that end in info, us or two-letter codes for foreign countries (tw, uk, ch, ru, etc) are definite indicators of a fake Web site. Additionally, look for consistency among the links. Phishers will often steal real links to legitimate sites, but the one they want you to click on goes to a completely different site.To get educated on the dangers of phishing or to get help if you suspect you may be a victim of phishing, check out the Anti Phishing Working Group Web site at http://www.antiphishing.org/. There you can follow the latest in phishing trends, learn about the latest schemes, report suspected phishing activities and understand your rights should you become a phishing fraud victim. Send your comments or topic requests to feedback@auraistech.com.Aura Information System Technologies, LLC719-440-1790www.auraistech.com
