The Five Don'ts of Phishing Fraud

By Jennifer Martinez

Phishing is essentially an online con game with phishers acting as tech-savvy con artists and identity thieves. They use spam, fake web sites and other Internet technologies to trick people into divulging sensitive financial information. Unfortunately, the incidence of phishing fraud is growing exponentially.

In a typical phishing scam, phishers send out mass emails, which appear to come from a legitimate online vendor or financial institution. Emails usually contain an urgent message, baiting you into submitting sensitive data. Often, the messages direct recipients to a fake web site where the phisher attempts to collect information.

Phishers have begun to use more sophisticated devices, such as pop-up windows containing misleading messages, fake URLs that simulate real web addresses and keystroke loggers that capture account names and passwords.

To protect yourself against phishing, follow these five basic guidelines:

1. Don't give out financial information  Be extremely wary of emails asking for confidential information -- especially of a financial nature. Financial institutions and other responsible companies do not request sensitive information via email. If you receive this kind of request, report it to the company.

2. Don't provide sensitive information  Phishers like to employ scare tactics. They may threaten to disable an account or delay services until you update certain information, but don't be fooled. Instead, contact the merchant directly to confirm the request's authenticity.

3. Don't respond to impersonal emails  Watch out for generic-looking requests for information. Fraudulent emails are often not personalized. Meanwhile, emails from your bank or Internet Service Provider often reference your business or your account. Again, confirm the authenticity of any suspicious request.

4. Don't fill out email forms  Never submit confidential information via forms embedded within email messages.

5. Don't give out information via insecure sites  If you need to submit corporate credit card numbers or other confidential information over the Internet, make sure the site is secure. To confirm that you are on a secure web server, check the web address. It should begin with "https://" rather than "http://".

To play it safe, also regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your bank and credit card companies. Phishers do trick people into divulging sensitive financial information, but you can steer clear of them if you learn to spot a phishing attack.