Six Tips to Help Keep You from Getting Phished
‘Look Before You Click,’ Says Consumer Reports WebWatch in New Campaign
YONKERS, NY, March 27, 2008 -- Has this ever happened to you? You get an e-mail that looks like it’s from eBay, PayPal or Citibank, asking you to update your account, and providing a handy link to a Web page where you can do it.
But don’t click on that link! You may wind up on a Web site built by scam artists that downloads a piece of bad software to your home computer that records all your passwords and sends them to a stranger overseas. Or something worse. It’s a process called “phishing,” and it’s a form of identity theft that uses technology and a kind of social and emotional manipulation. Millions of people have fallen for scams like this – even if they don’t do business with the company that has apparently sent the e-mail.
Consumer Reports WebWatch, with grant support from the New York State Attorney General’s office, wants consumers in New York State to understand the risk of phishing attacks. Depending on whom you talk to, phishing scams may be slightly on the decrease, but scammers' techniques are improving, and the brand names they’ve been using are changing as well. Popular social-engineering methods that entrap consumers include: associating the mail with a holiday or event; spear-phishing, when the sender appears to be someone inside the company you work for; or an e-mail telling you your bank account has been compromised, urging you to enter personal information into a fake site that looks like the bank's.
Phishing e-mails usually pretend to originate from financial services companies, Internet service providers or retailers, though some entrepreneurial phishing scammers once even hijacked the name of the U.S. Federal Trade Commission, the government agency responsible for prosecuting e-mail fraud. Right now, phishing scammers claiming to be from the Internal Revenue Service are trying to steal personal information by e-mailing people on the pretense of resolving a tax problem. Don’t believe them!
Here are six tips to help you avoid being phished:
1. Be skeptical of any e-mail, and avoid using hyperlinks in e-mail. They may show one address, but take you to another. Delete any e-mails that seek to send you to a Web page via a link in the e-mail’s text. Legitimate e-mails will ask you to go to a specific Web site. Type the address into your browser and make sure what you are typing is the correct address. For instance, Citibank's main site is citi.com, so if an e-mail asks you to type, say, citi.bankloans.com, be skeptical. Make sure your typing is accurate, since cybersquatters buy misspelled domains -- for example, "cittibank.com." Bank of America and Vanguard, for example, now ask customers to select a personalized image or phrase to appear whenever they access the site as a cue that it’s the real thing.
2. Make a point to bookmark the pages of the sites you do business with. Use those bookmarks for transactions.
3. On Web pages, mouse over the URL and see whether the address that appears at the bottom of your browser looks related to a page or site you expect to visit. When you arrive at the site, verify that the URL shown in your browser's address bar is the correct one. Pay attention to the part of the URL between "http://" (or "https://") and the next slash. Look for tricks such as the use of a zero where the letter O should be. Verify the address, then type it into your browser. Or use a favorite or bookmark.
4. Watch carefully for misspellings and poor grammar, one of the surest signs of a phishing scam.
5. Use a Web browser with site verification tools, such as Firefox, or software such as McAfee’s Site Advisor, which tests sites and tells users the results via a free download.
6. Report phishing. If you receive a phishing e-mail, forward it to the Anti-Phishing Working Group, the Federal Trade Commission, and the company or organization being impersonated. You also can file a complaint with the Internet Crime Complaint Center. Read more from the Anti-Phishing Working Group about how to avoid phishing scams.
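The checks in tips 1 and 3 can be automated for an HTML e-mail body: compare the address a link shows with the one it leads to, and compare the destination host with the sites you actually use. This Python sketch is an added example, not part of the Consumer Reports WebWatch campaign; the trusted list and the sample message are constructed, and reducing a host to its last two labels is a simplification.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sample list of sites the reader really uses (an assumption for this example).
TRUSTED = ("citi.com", "citibank.com", "bankofamerica.com")

def site(url):
    """Host between the scheme and the next slash, reduced to its last two labels."""
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])  # naive: wrong for suffixes like co.uk

def judge(url):
    """Return 'trusted', 'lookalike of <site>' or 'unknown' for a destination URL."""
    s = site(url)
    if s in TRUSTED:
        return "trusted"
    folded = s.replace("0", "o")  # a zero where the letter O should be
    for good in TRUSTED:
        if folded == good or difflib.SequenceMatcher(None, folded, good).ratio() >= 0.9:
            return "lookalike of " + good
    return "unknown"

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def audit(html):
    """Per link: (href, verdict on its site, True if the text shows a different site)."""
    parser = Links()
    parser.feed(html)
    return [(href, judge(href),
             "." in text and " " not in text and site(text) != site(href))
            for text, href in parser.links]

# Constructed sample e-mail body, not a real message.
SAMPLE = ('<a href="http://citi.bankloans.com/update">www.citi.com</a> '
          '<a href="https://www.cittibank.com/login">Sign in</a> '
          '<a href="https://online.citi.com/">citi.com</a>')
```

A production filter would take the registrable domain from the Public Suffix List rather than the last two labels.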
Read more on Consumer Reports WebWatch’s “Look Before You Click” campaign to help New York State consumers to combat online fraud here.
About Consumer Reports WebWatch
Consumer Reports WebWatch is the Internet integrity division of Consumers Union, the non-profit publisher of Consumer Reports Magazine, the Consumer Reports on Health and Money Adviser newsletters, BestBuyDrugs.org, and a variety of sites advocating consumer rights in the marketplace. We research and investigate Web sites on behalf of consumers, and we advocate for consumer-focused Internet policy and governance. Consumer Reports WebWatch accepts no advertising. Consumer Reports WebWatch is a member of the W3C consortium for developing Internet standards; the Internet Society, a grass-roots group focused on Internet policy; and is an at-large structure (ALS) in the user community of ICANN, the Internet Corporation for Assigning Names and Numbers. WebWatch also serves as an unpaid special adviser to StopBadware.org, a "Neighborhood Watch" initiative led by Harvard University's Berkman Center and the Oxford Internet Institute devoted to helping Internet users avoid downloading malicious spyware, adware and malware programs. With the Center for Media and Democracy, WebWatch in 2008 launched FrontGroups.org, dedicated to exposing the online work of third-party groups that appear to represent one agenda while pursuing another.