Security Update: Phishing

By Beth Fussell

In today’s increasingly electronic-based society, phishing is becoming more of a problem every day.  Phishing is the criminal act of tricking people into giving sensitive information, like passwords and account numbers, by pretending to be a legitimate company or website.  One of the biggest ways that people are losing money and information to phishing is through emails that seem to be from a bank or the IRS.  The victim is fooled into giving their financial information, thinking that their bank or a government agency is requesting password verification or account numbers.  Websites like Facebook are also an easy target for phishers, since users readily provide so much personal information that can lead to identity theft. 

Usually, phishing comes in the form of either a fake email or a link to a website that seems legitimate but is actually set up by phishers.  Pop up windows in front of legitimate websites can also fool a victim into entering personal information.  Phishing even happens over the telephone.  Criminals can leave voicemails, apparently from a bank or business, asking the victim to call a phone number to verify information or answer some questions.  The number leads to an automated service that asks victims to enter account numbers or passwords on the phone.  Victims lose millions of dollars each year in the United States to phishing attacks, though most of these incidents are preventable.

The following are tips to help you avoid phishing attacks and identity theft: Be sure that you are being directed to a legitimate website by holding your cursor over the link that a company provides you.  In most browsers, the web address that the link leads to will appear at the bottom of the screen, and you can see if the link leads to a familiar website.  Instead of clicking on a link to a website you use regularly, just type the web address in your browser.  Never give personal information or passwords through an email or in response to a voicemail.  If anyone contacts you and asks you to “verify” personal information, call the company in question to be sure that the requests are legitimate.  If you use Facebook or Twitter, do not post personal information that could be used against you in a scam later.  If you receive an email from a lottery, sweepstakes, etc. saying that you have won a prize when you have never entered (these emails come around fairly often), do not respond to the email, and certainly do not give them your contact information.  Simple steps like these will help you avoid financial and personal loss.