Computer Data Security: Phishing Dangers
With so many threats to our personal data and identities it can be easy to find yourself overwhelmed by security software, options for protection and insurance policies covering you against any threats to your online identity or credits (bank loans, credit cards, etc.) taken out in your name.
Criminals that commit these types of fraud do so thanks to identity theft, which is made very easy by phishing, the process of finding information about an individual without them suspecting a thing.
There are many security threats to personal computer data – phishing is just one of them, but happily it is one that we can learn to spot and avoid.
So What Is Phishing?
With a secure system, complete with passwords that only you know, it can be very difficult – next to impossible, in fact – for any unauthorized persons to be able to gain access.
For instance they might try random passwords or using a brute force method where a piece of software tried to work out the correct password, but both of these methods are time consuming.
This is where phishing comes in.
Rather than trying to guess a password at random, the party attempting to break into the secure system will use information supplied by someone who has access. This person typically won’t know that they are supplying this information however, as it will be extracted in the form of cleverly worded questions.
By acquiring some vital information about the owner of the account, those attempting to gain access to the system will often find their job has gotten a lot easier.
Spot a Phishing Attempt
The most common use of phishing comes in the form of fake emails from banks and other reputable services, asking you to click a link to a web page – which again is a fake, and known as "spoofing" – and log in with your personal details. Your login code and password are then in the hands of criminals who will use them to access your bank account, perhaps extend credit in your name, but have the funds sent elsewhere, etc.
It is important to be aware of these types of threat so you can avoid them. Increasingly criminal groups are using telephones and SMS text messaging to gain personal information so that they can open bank loans and credit cards in your name using all of the techniques listed here, and this has become such a problem that banks release annual figures on how much fraud costs them while their subsidiaries offer insurance protection against these very threats.
However you can save money on these and protect your identity by following a few basic steps.
Protecting Yourself from Phishing
First of all, don’t trust emails from banks. They rarely send messages out by email and never contact you asking to sign into your account. In the event that you receive such a message, call your bank to confirm its authenticity.
Second, be wary of web pages that purport to be for one purpose but are actually designed for another. These might be difficult to spot, but a good giveaway of a fake web page is one that asks for personal information without establishing a secure connection. You will be able to spot a secure connection as the URL of the web page will begin https:// rather than the usual https://.
Finally, be extremely selective about the information that you give out on the phone, especially to people claiming to be calling from organizations that you are already in a business relationship with. While their questions might be worded to appear as if they are confirming your identify, if you already do business with them then they shouldn’t be calling you to do this. Instead, ask for a telephone number, check it is genuine (there are several websites that provide this service if you Google the number) and if it checks out you can call them back.
Our guide to phishing best practices explains some of these concepts in more depth.
Author's own experience
Image credit: Wikimedia Commons/Gflores