March 27, 2014

Phishing is the act of attempting to acquire information such as usernames, passwords,  and credit card details (and sometimes  money indirectly) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware and the links in the emails will often direct the users to a fake website that looks like a real credit card website or bill paying website, etc.  The user inputs their user name and password and that information is captured by the crooks who then use the information to access the online accounts.
 What to look for:

  • Who is the email really from? The name in the from field will not necessarily reflect who is the actual sender.
  • Be cautious of links.  A general rule of thumb is if you weren’t expecting an email don’t open it and DO NOT click on any links or open any attachments.
  • Check that the URL is valid.  Don’t click on the link, but instead manually type in the URL in your browser.  Most times the link presented and where it goes are two different things.
  • Look at the email greeting.  It should raise suspicion if it is addressed generically like dear customer or to whom it may concern.  Most companies that you do business with will address you by name.
  • Previous history with company.  Be suspicious if you have not worked with this company before.

What to do when you suspect a phishing email:

  • Do not open.  Delete and delete from deleted items.
  • DO NOT forward the email.  You will only put our system at further risk by forwarding potentially dangerous emails on.
  • DO NOT ever give out your password.  There is never a reason for a supervisor, manager, IT person, people/customers you work with or companies you do business with to ask for your password(s).  It is unnecessary and if anyone asks for any passwords don’t give it to them.  It is suspect.

Most important points:
Do not forward the email.  This is the most important.  Don’t potentially spread the virus.
Do not click on the links or open attachments.
Do not ever give out your password.  Not to anybody at any time for any reason.