What Is Phishing Anyway?

Although most people have only heard of phishing in the last few years, it has actually been in existence for well over a decade. If you think about the way the word sounds, it is similar to "fishing". In a sense, that is precisely what phishing is. Cyber criminals will attempt to lure you to certain websites, or otherwise try to obtain personal or financial information from you.

Considering that AOL was one of the first networks made available to consumers, it should not be a surprise that many phishing schemes began on the AOL servers. As with contemporary phishing methods, three main systems were attacked: web browsers, instant messaging systems, and email. Once cyber criminals learned they could break AOL's security systems, they quickly went on to try to exploit banks and other financial institutions. Today, the same basic systems are still exploited in phishing scams.

In order for a cyber criminal to be successful at phishing, he or she must encourage you to give up personal or financial information. This can be done in any number of ways. First, someone intent on phishing needs to have a way to contact you, or otherwise bring you into contact with them.

One of the most popular ways to do this is to create a situation where your browser is redirected to a website that looks like the one you are trying to use. Once there, you may enter your username and password as usual. Unfortunately, you may also be asked to give financial information, or to confirm other details that may be used to hack into other sites where you conduct financial transactions. The best thing you can do in this situation is to not give this information. If you are able, take a look in your firewall log, and see if you can learn the IP address of the site you just visited. It is very important to report these "spoofs" to the FCC so that they can investigate.

Many phishing schemes begin with an email that looks like it is from a legitimate bank or other financial institution.
This can include credit card offers, as well as emails that simply ask you to verify account information. If you do not have an account with a given financial institution, and receive an email asking you to confirm information, you should report it immediately to the company being impersonated. In most cases, the legitimate company will give you instructions for how to forward the email to them, so that they can investigate. Under no circumstances should you divulge the requested information.

Interestingly enough, instant messaging systems are also being used in phishing schemes. In these situations, you will receive an instant message from someone pretending to be from a bank, your ISP, or anyone else that might have financial information about you. In all cases, they will eventually ask you to "confirm" this information, or risk losing your account. As with other forms of phishing, do not give the requested information. If possible, get them to send an email, which will show their ISP information, and then send this along to the company being impersonated, along with a history of what happened.

Similar to fishing for information, phishing is all about getting you to give up valuable information. By pretending they already know this information, a phisher attempts to create an air of security. The best thing you can do to protect yourself from phishing is to be aware of where and how it happens. Next, refusing to give out information is every bit as important as reporting suspected phishing attempts. With a little bit of awareness and caution, you will be able to prevent cyber criminals from gaining important and valuable information related to your personal identity and finances.
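
The advice above about passing an email's "ISP information" to the impersonated company can be made concrete by pulling the sending address out of the message headers. The following is an added example, not part of the original article: it assumes the ISP information means the relay IP recorded in the `Received` headers, and the sample message, domains and addresses are constructed.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not a real email. Addresses use reserved example ranges.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
    by inbox.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:02 +0000
Received: from mailer.example.net (unknown [203.0.113.45])
    by mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:01 +0000
Received: from workstation ([192.168.1.20])
    by mailer.example.net with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: "Example Bank Security" <alerts@examp1e-bank.example>
Reply-To: verify@collector.example.org
Subject: Please confirm your account

Please confirm your account details.
"""

# Explicit internal ranges; ipaddress.is_private would also exclude the sample's 203.0.113.0/24.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 only

def first_external_ip(msg):
    """First non-internal IP reading Received headers top-down (newest hop first).
    That hop was recorded by the recipient's own server; older hops can be forged."""
    for header in msg.get_all("Received", []):
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # malformed address such as [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def domain_of(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def report(raw):
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    others = {h: domain_of(msg[h]) for h in ("Reply-To", "Return-Path")}
    return {
        "from_domain": from_domain,
        "sending_ip": first_external_ip(msg),
        # A differing domain is a signal worth reporting, not proof of fraud.
        "mismatches": sorted(h for h, d in others.items() if d and d != from_domain),
    }
```

When reporting, forward the original message with its full headers intact; the extracted values only summarize what the recipient of the report will verify for themselves.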