Topic 7: Phishing
“Phishing” is the act of sending an email pretending to be from an online store (Amazon, eBay), a financial institution (Chase, SunTrust), or an Internet service provider (ISP) with the intention of gaining personal information from the recipient. The email usually claims that you need to go to a link provided in the email to update your account information. Phishing hackers use this technique to obtain personal information such as credit card numbers, bank PINs, and Social Security numbers. Like traditional fishing, it relies on a computer user taking the bait.
Reputable banks, financial institutions, and ISPs will never send an email to notify you that your personal information needs to be updated via the Web. If you receive an email that claims to be from an institution you regularly do business with and says you must update your information, go directly to the institution’s web site using your regular browser process (do not click on any links provided in the email). You can also call them and ask if this is a legitimate request. Never expose your personal information in any form on the Internet unless you know that the site is encrypted and is legitimate. Even if a link in an email looks legitimate, don’t click on it. Be aware that there are several ways to “spoof” a Web address, some of which can fool even an experienced surfer.
Phishing activity has also morphed into another form called “pharming”. While phishing is generally directed at a single user, pharming attempts to redirect as many users as possible away from a legitimate web site to a web site that looks just like the authentic site but with one important difference: this illegal web site is designed to steal all of the user’s personal information. This information is then exploited by the thief in various ways, including selling the information to other thieves. Be very careful of web links provided in emails.
Another protection against phishing emails is a good anti-virus software package that includes anti-phishing protection. Some email engines have built-in protection. This protection is not foolproof, but it does provide an excellent layer of defense for you and your computer.