It used to be pretty straightforward at one point. The phishing scammers would try, for the most part, to pretend to be your bank, or eBay, and try to get your account details, or better yet, your card and bank details.
It’s not so simple any more. According to the Anti-Phishing Working Group, in their latest report, Q4 2009 saw phishers go after a record 356 different brands, the highest number yet, and banks are no longer the only target.
The cyber-criminals are also getting clever, and starting to target specific individuals or high-net-worth people in general (so-called spear-phishing and whale-phishing), so now might be the time to reiterate some key points to help keep you safe:
- You MUST be running the latest anti-virus and anti-spyware products. Even more importantly, they must be up-to-date.
- DO NOT download software where you are not sure of the origin.
- CHECK URLs of websites linked via unexpected emails.
- CHECK the URL is actually that of your bank.
- NEVER give your login details to someone, and certainly not passwords – no legitimate organization would ask for these in person.
- Be careful WHAT information you are giving. If you are in a sign-up process, it is HIGHLY unlikely ANY organization would need your bank account details, credit card details, social security number etc.
- ONLY provide personal information on a site you trust. Make sure that site is using SSL (https) on their forms and sign-in processes.
- IF in doubt, STOP and check.
- IF something seems too good to be true, it is.
- Remember: your identity, your organization's goodwill and perhaps your job are at risk if you get this wrong.
It’s easy to stop phishing attacks, with judicious use of software and common sense. Especially common sense.
Did we miss something? Tell us in the comments.