Phishing is a deceptive act in which unsavory individuals try to obtain your personal information, such as passwords and financial information. Phishing attacks usually come in the form of an email pretending to be from an official site, such as your bank, but instead lead to a fake website that looks very much like the real one.
Identity theft has been around for a long time and phishing is one of the latest methods used to steal your information. The last couple of years have seen an increase in phishing attempts and browser providers and SSL certificate providers are stepping up to bring solutions to people.
Web browsers are empowering users to determine if a site is bad or not. Internet Explorer 7 will display a red address bar warning if the website is a known phishing site. IE7 will also display a green bar if the site is secure and your data is encrypted and will show you where the certificate was purchased. FireFox has a similar security feature.
In the past, you could assume that if a website had a lock (which indicated it had a security certificate) it was a valid site. However, phishers became smarter and started purchasing security certificates for their sites. To combat the threat, security providers like Geotrust are providing a new type of certificate that not only encrypts data on the website (like a regular SSL certificate) but also provides an extensive background check into the company before the certificate is issued. In IE7, not only will the address bar turn green, it will also display the name of the company that the certificate was provided to and bought from.
Here are some tips that can help you protect yourself online.
1. Most legitimate institutions will never request your personal information. Any unsolicited email, phone call, or mail that does is probably a phishing scam.
2. Visit a website by typing it in the URL instead of clicking a link in an email. Although the link may look legitimate, phishers use all sorts of tricks to hide where it’s really going.
3. Check your credit card and bank statements regularly for fraud.
4. If you’re not sure if you’re on a real website or not, enter a fake login. If it works, you’re on a phishing website.
5. Report a phishing scam to the real organization. Most banks and other institutions usually have an email address online to forward the scams to.
Phishing websites can look very much like the real sites in the hopes of luring unsuspecting people to enter important information such as their social security number, bank pin number, or credit card number. Don’t let yourself get caught.