|
|
|
|
Technology Tuesday is a publication of the Massachusetts Association of Realtors. The first Tuesday of every month we will cover at least one technology issue in depth. If you have any questions about these or any other technology issues, please contact the free MAR Tech Helpline at 866-232-1837.
|
|
Phishing for Your Identity
|
Anyone with an e-mail address has seen the quantity of spam messages that build up in just a few short weeks. Without careful consideration and diligence in protecting your e-mail you can open yourself up to this flood of unsolicited messages, some of which are more hazardous than the benign annoyances of spam in the past. One of the most dangerous techniques used in spam e-mail is called “phishing”. Phishing e-mails are fast becoming the most popular way for criminals to empty someone’s bank account or use their identity to defraud others.
A phishing e-mail usually begins with a masked, or forged, sender e-mail address and a legitimate-sounding subject line. Some examples are aw-confirm@ebay.com or customer_service@bankofamerica.com with a subject line of “Your account will be suspended due to inactivity” or “Confirm your identity to protect your account”. If an unwitting recipient opens the message they are then asked to update their account by clicking a URL that looks legitimate; however, careful examination of the actual destination often reveals cryptic IP addresses and URLs pointing around the globe. These phony URLs take recipients to mimicked versions of actual web pages and present them with a login screen. Any information the visitor enters, especially usernames and passwords, is stored for the criminal spammer to use in fraudulent transactions. Spammers can even mimic legitimate e-mail from banks using this technique of fraudulent URLs and mimicked login pages. Entering information into one of these pages will give spammers complete access to a recipient’s bank account.
So how do you combat phishing scams? As with most scams, an ounce of skepticism and a bit of common sense can do a world of good. There are also software tools to help protect your PC in case you accidentally download of an infectious program.
| The easiest way to combat phishing is to treat it like any other piece of spam. Disregard suspicious messages asking you to login and update account information. Companies like Ebay, Paypal and all banks will not ask you for this information via e-mail. E-mail is not a secure medium for exchanging secure information. |
| Do not reply to the message and definitely do not click the URL in the message body. Web browsers like Internet Explorer and even the much-touted Firefox can be tricked into downloading malicious software through specially-coded webpages. Simply viewing one of these pages can put your computer and your privacy at risk. Protect yourself by keeping up-to-date with the latest patches from Microsoft, Firefox, or whichever Internet browser you use. For more information on updating software you can call the MAR Technology Helpline at 866-232-1837. |
| Do not download or open any attachments in the message as these may contain even more insidious programs called “malware” or “spyware”. These programs run hidden in the background of your PC and can record all keystrokes made on the computer before silently sending it to spammers looking for logins, passwords, credit card numbers and more. Use anti-virus scanning software and keep current with the latest updates to protect against these malicious e-mail attachments. Once installed on your system, malware and spyware (from illegitimate sources) are notoriously difficult to remove. It is recommended you purchase an anti-spyware program like Counterspy, Spysweeper, or Microsoft’s anti-spyware tool (available for testing by the public pending a full release). These tools monitor your PC in real-time and block unauthorized programs from installing on your computer. |
| Phishing scams prey on the legitimate appearance of the message. It is sometime very difficult to tell if a message is genuine. Even if you feel sure the e-mail is legitimate, don’t believe it! DO NOT CLICK the link in the e-mail; instead, open a new browser window and manually type in the address for the supposed sender. For instance, if the e-mail says it is from your bank, type your bank’s web address into your web browser and find the user login from their homepage. This will ensure that you go to the expected page, and not an impostor. This method may take an extra minute or two; but it could save you many hours of hassle clearing your name, should you be a victim of identity theft. |
| Never send sensitive information over an Internet connection that is not secure. Be sure to look for the “https” at the beginning of the URL for the page you are visiting. Additionlly, if possible you should never use your social security number as a username or password. Try to keep all sensitive information separate to make it more difficult for identity thieves to collect your full profile. |
| |
| | | | |