“Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as Rondout Savings Bank, online auction sites like eBay or credit card companies. An email is sent requesting that the recipient access the fake website (which will usually be a replica of a trusted site) and enter their personal details, including security access codes. The page looks genuine, because it is easy to fake a valid web site. Any HTML page on the web can be modified to suit a phishing scheme.
Phishing e-mails are often sent to large lists of people, expecting that some percentage of the recipients will actually have an account with the real organization. The term comes from "fishing," where bait is used to catch a fish. In phishing, e-mail is the bait.
How To Tell If An E-Mail Message Is Fraudulent
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
"Verify Your Account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from Rondout Savings Bank asking you to update your account information, do not respond: this is a phishing scam.
"If You Don't Respond Within 48 Hours, Your Account Will Be Closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.
"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
"Click The Link Below To Gain Access To Your Account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.
The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site. Notice in the following example that resting (but not clicking) the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.
What You Can Do
You should be suspicious of e-mails, regardless of where they appear to come from, particularly if you receive an unexpected e-mail from your bank or another trusted Web site asking you to follow a link and log in to that page or confirm your details.
If it is an unexpected e-mail but you feel that it might be an honest e-mail, do not follow the link in the e-mail. Go to the home page of the Web site that the e-mail appears to be coming from and look around to see if there is any mention of the content that was in the e-mail. If you are still uncertain, log in to the Web site as you normally would, not by following the link in the e-mail, and see if there are any notices similar to what was mentioned in the e-mail.
Most modern web browsers such as Internet Explorer 7 or Firefox 2 have anti-phishing features built-in which will check the web sites you visit against a constantly updated list of known phishing sites and warn you if you are accessing one.
Check the web browser's help screens to learn how to enable this feature.
Related Sites And Information
Federal Trade Commission phishing information: http://www.ftc.gov/phishing