The latest and one of the worst internet scams is known as
“social engineering”. This little scam is
defined as “the practice of conning people into revealing
sensitive data on a computer system, often on the Internet”.
Why is social engineering important to me? “Well,
it’s not to me”, I hear you say, smugly.
After all, you’ve followed all of PakBruce’s advice
and installed and kept updated your anti-virus software.
So, what’s to worry? Well, no matter how strong
your firewall is, no matter how often you update your antivirus
program, if someone can trick you into giving him your password
or credit card number, all your time-consuming and expensive
computer security precautions will have been wasted.
One of the newest forms of this social engineering is called
“phishing.” In a phishing attack, a criminal
pretends to work for a company you trust — usually your
Internet service provider or financial institution —
and frantically contacts you via email or instant message
to tell you that your account information is out of date or
that there has been some fraudulent activity on your account.
(I get these weekly!) The criminal tells you to click
on a hyperlink that takes you to what looks like the real
corporate website where you are asked to verify your account
information.
Of course, the website you are pointed to may LOOK like PayPal’s
or eBay’s or Citibank’s [or any other company’s
for that matter], but it isn’t. It’s actually
a fake website. And when you “verify” your
account information, all you are doing is giving the criminal
your username ... and password ... and social security number
... and mother’s maiden name ... and sometimes even
credit card number and expiration date.
But surely most Internet users are smart enough not to fall
victim to a scam like this, right? WRONG! (And
stop calling me Shirley!) According to a report from Gartner
which was reprinted at Silicon.com, in the past year more
than 30 million [Americans] are sure they have been suckered
in by a phishing email and of those a worrying two million
went on to divulge sensitive information such as credit card
numbers. Pretty scary numbers, aren’t they?
So, how can you protect yourself from phishing schemes?
Well, you can start by following these four rules:
1. NEVER give your PIN numbers to
anyone!
2. If you have an account with a company,
don’t trust ANYTHING you read in account-related email
from that company. If there REALLY is a problem with
your account, the company will contact you via snail mail.
3. NEVER, EVER click on a hyperlink in an email
from a company with whom you have an account, no matter how
real the email or hyperlink looks. If you need to visit
the company’s website, close your email program, ignore
everything you read in that email [including any web page
addresses you may have seen], open your web browser, and manually
key in the regular web page address for the company’s
*homepage*. Then log in to your account with that company
in the way that you normally would. If there is a problem
with your account, the company’s website will tell you
once you log in.
4. If you need to personally contact
a company with whom you have an account, the ONLY contact
information you should trust is the information on your monthly,
paper statement or on the back of your credit card.
Assume that any contact information in a business email only
points to a criminal wanting to steal your personal information.
Practice these four rules and you’ll be well on your
way to being safe. You might also want to pop into
http://www.antiphishing.org/ from time to time. This
site is constantly updated and tells you about the latest
phishing schemes.