How Can You Prevent Phishing?

The term phishing sounds like the word “fishing.” And while both words sound alike, they also have similar meanings: both activities result when someone baits a hook to try and catch something: food or data.

In the outdoor sport of fishing, a fisherman is trying to locate a fish of some type to eat, sell or collect. The sportsman, then, baits a hook on the fishing line he is using in order to try and catch his literal fish, while the computer “phisher” baits an email with data he hopes will lure an unsuspecting computer user.

And like legitimate fishermen, who try to catch fish in a number of ways (line, spear, hands, net), so too does a computer or phone phisher, using spear fishing, phone phishing, and spoofed web sites as their fishing line and lure. But just as fish can become smart to the fisherman’s bait and objective, an individual can protect themselves from computer phishers too.

One of the ways to prevent phishing and to protect oneself from it is to become aware of what it is—and the forms it can take. Now that we understand what it is—a trap by a criminal predator to rob you of your identity or resources (or both)—let’s look at the forms it can take.

With computer users, phishing will most likely take the form of an email. However, it can also take the form of a spoofed web site too. But let’s look at the email forms it can take. The phishing email might look very similar to one you normally receive from a business associate, your personal bank, a mortgage company you do business with, or even your employer.

Since these fictitious phishing emails sometimes use logos that look identical to legitimate companies or businesses you do business with, it may be hard to tell what is legitimate and what isn't. But there are some ways to do this without putting yourself at risk.

First of all, it is a red flag when a company that is supposed to do business with you is asking for personal information via the web through an email. In fact, since phishing and identity theft have become so predominant you can bet that any legitimate company you are doing business with will not be contacting you by email for your social security number, account number or any other such data.

The flip side to illegitimate companies asking for your data is the company that provides part of your personal information to you in order to gain your trust in giving them the parts of it they don’t have yet. These requests are also sent via email or done via telephone.

And given today’s fascination with social networking sites like Facebook and a myriad of others, it is easy for illegitimate entities to gain enough basic information about you to make you think they are legit, especially if they are using an official-looking logo on their email from someone you already do business with.

Knowing that phishers bait emails with offical-looking logos, and that they sometimes provide you information they can easily gain online, will help to make you more wary of opening or responding to any email you are not expecting from known business associates. Likewise, getting an email that requests personal information from a company that should already have that data is an obvious sign that will help prevent your victimization from phishers too.

And finally, if an email looks legitimate due to the logo--but they are directing you to click on a link in order to meet their information request--consider the following: if a web site directs you to click on any link and it shows an address like this or something similiar (http://122.443.708.446/us/index/.html) when you just roll your cursor over it (instead of the name of the company that is supposed to be contacting you), then don't click on the link. That link is for a spoofed web site and will direct you to an illegitimate person seeking your indentity and personal financial information.