What is Phishing on Computers?
Phishing is a high-tech scam. The "phisher" uses spam or pop-up messages to trick you into giving out sensitive information like your passwords, credit card numbers, bank account information, or Social Security number.
Funnily enough, phishing is nothing new. It used to be known simply as identity theft and the scammers usually did it over the telephone. The scammer would call you up and pretend to be someone from the bank asking you to confirm your account information, credit card numbers, PIN numbers, or passwords. Obviously the scammer was limited by the amount of time it took to ring each person, so identity theft never really took off until the advent of email Spam and websites, which meant identity theft has become much more profitable and therefore widespread. Unfortunately, it is now an everyday occurrence.
Here's how phishing works:
The scammer uses Spam to send the phishing messages. You'll receive an email or pop-up message that looks like it's from a business or organization that you deal with – e.g.
· Your Internet service provider (ISP), AOL, MSN, BT Yahoo etc.
· Your bank e.g. Lloyds, Barclay, etc.
· Your online payment service e.g. PayPal
· A government agency
The message usually says that you need to “update” or “validate” your account information, and there's usually a threat they will do something bad if you don’t respond within a short period of time, like close your account or charge you a fine.
So, you click on the link in the email and it takes you to a website that looks just like the legitimate organization’s site, but it's a carefully constructed fake. This fake site tricks you into entering your personal information. Using this information, the scammer can then steal your identity and run up bills or commit crimes in your name.
Phishing is becoming big business. The US Federal Trade Commission reported "9.9 million U.S. residents were victims of identify theft during the previous year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses."
Phew, that's a lot of people and a lot of money!
The biggest phishing scam in history occurred when a PayPal phishing message was sent to millions of people irrespective of whether they had a PayPal account or not. The scammers knew that there would be enough people with PayPal accounts to make it worthwhile for them.
So you probably want to know how to avoid phishing scams.
1. Change your attitude and behaviour towards suspicious emails and pop-up messages. Become more vigilant.
If in doubt, delete it.
Check carefully the URLs (links to websites) within the email. They might be links to fake websites.
Even if it is from an institution that you use, like your bank or your ISP, telephone them to confirm that they did indeed send out a message. If the message asks you to enter confidential information about yourself, such as your password or PIN number, it is almost certainly a scam. Institutions like these almost never ask for such information over the Internet.
Don't give your account details to anyone without contacting them first by telephone and making sure the email is legitimate.
2. Install security software. Nowadays, you need a firewall and an antivirus as much as you need locks on your doors at home. You wouldn't go out leaving all your doors open, would you?
Some phishing emails contain software that can track your activities on the Internet without you knowing about it, so make sure you're screening your incoming mail with up-to-date antivirus software.
3. Finally, make sure you keep up-to-date with Microsoft's or Apple patches. The latest research shows that an unpatched Windows computer has a life expectancy of less than 20 minutes before it is compromised. That's less time than it takes to download the patches!
So check out Microsoft's or Apple's Update page to make sure you're up-to-date.