Now that you know what phishing is, you can work to prevent from happening to you. This page will offer a series of scenarios. Pick the action you think is most appropriate and we’ll discuss it.
On the Phone
As long as you didn’t pick A, you should be okay. Remember, a key goal to keep your information secure is to never give it away.
Option B works, but you’re leaving yourself open. You’ve been targeted by a phishing scheme, and by not alerting anyone, you’re no better off before the phone call.
By alerting the credit card company in option C, you may be able to flag your account for potentially suspicious activity or even help catch the data thieves.
When in doubt, start asking questions. Why does the power company need your social security number? Why is there no written warning? What is the person’s name, title, and extension? Even if the call sounds legitimate, ask for the problem in writing or call the power company on your own. Never give out your information to people who call asking for it.
The power company will not suddenly turn off your power because of one phone call. Even if there were account problems, the power company won’t end service based on a single phone call. Messages with senses of urgency and dire consequences should raise flags of concern.
Through the Postal Service
Phishers are known to go through people’s garbage and mail to gather information. Just because something is in your trash can or mailbox, doesn’t mean it’s safe. Send your bills via a secure environment such as the post office. Better yet, ditch paper altogether and use an online bill pay service; it’s safe and convenient.
In general, the less paper you deal with, the better.
You definitely don’t want option A. Remember, email is not a secure channel. Any email you send is delivered unencrypted and stored on any number of servers. Your internet provider, your employer, and the recipient’s server may all have copies of whatever email you have ever sent, depending on where you sent it.
Unlike a secure web site, email is not encrypted; anyone with access can read your messages. Same goes for your instant messages if you’re into chat rooms. Think about that next time you think about emailing your friends about that embarrassing medical condition.
Back to the scenario, option C’s no good either; this is a classic phishing technique. There are all kinds of ways to hide information in emails, from the sender’s identity to the provided URL. Whether the email is legitimate or not, you should never follow a link in an email. You just don’t know where it could lead.
In a phisher’s case, links in emails lead to web sites that look like your credit union’s web site, but is` really a trap to capture the financial data of you and your fellow credit union members.
Looks are deceiving. Always make sure you’re on the web site you think you’re on by manually typing in a known good URL for the site you’re trying to reach. When in doubt about the correct URL, contact the institution in person or by phone using a known good phone number to verify their web site domain name.
First, the lock means your data is not only being encrypted, but your secure connection is with the web server it’s supposed to be.
Anyone can establish a secure connection. What the lock icon means, is the server has been registered and certified. A third party company like Thawte or Verisign verifies the company and the web server match.
Still, don’t trust just the certificate. Whether the page you’re on is secure or not, as long as the destination is secure, that connection is secure. Unfortunately, the opposite is also true. Even if you’re on a secure page now, if you submit a form to an unsecured page, that connection is wide open. Sometimes, it’s okay to proceed even if you don’t see a lock icon – just be sure of what you’re doing and where that data is going. Your web browser has built in settings to help you make those choices.
Of course, this is the Internet we’re talking about. Everything is for sale from any number of companies. If a business doesn’t try hard enough to make you feel secure in your shopping, go to an online vendor that does.