Anti-Phishing HINTS

PHISHING Prevention Tips

From FTC.gov (Federal Trade Commission)
Be cautious about opening attachments or clicking on links in emails. Even your friend or family members’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.

Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
Make the call if you’re not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If you think a company, friend or family member really does need personal information from you, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.

Report phishing emails and texts.
• Forward phishing emails to spam@uce.gov – and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To ensure the header is included, type the name of your email service and “full email header” into your favorite search engine.
• File a report with the Federal Trade Commission at FTC.gov/complaint.
• Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
• You can also report phishing email to reportphishing@apwg.org. The Anti-Phishing Working Group – which includes ISPs, security vendors, financial institutions and law enforcement agencies – uses these reports to fight phishing.

From APWG.org (Anti-phishing Working Group)

How to Avoid Phishing Scams
While online and mobile banking and e-commerce are safe, the volume and sophistication of phishing scams continue to dramatically increase.

As a general rule, you should be careful about giving out your personal financial information over the Internet.
Here are some steps you can take to avoid becoming a victim:
Be suspicious of any email or communication (including text messages, social media posts, ads) with urgent requests for personal financial information.
• Phishers typically include upsetting or exciting (but false) statements to get people to hand over their usernames, passwords, credit card numbers, Social Security numbers, date of birth and other personal information.

Avoid clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine. Calling the company to verify its legitimacy is also an option.
• Pay attention to the website you are being directed to and hover over URLs. An email that appears to be from PayPal could direct you to a website that is instead “http://www.2paypal.com” or “hxxp://www.gotyouscammed.com/paypal/login.htm.”

Don’t send personal financial information via email, and avoid filling out forms in email that ask for your information.
• You should only communicate information such as credit card numbers or account information via a secure website or telephone.

Use a secure website (https:// and a security “lock” icon) when submitting credit card or other sensitive information online.
• Never use public, unsecured WiFi for banking, shopping or entering personal information online, even if the website is secure.
• When in doubt, your 3G/4G or LTE connection is always safer than using public WiFi.

Other Helpful Tips:
• Unless an email is digitally signed, you can’t be sure it wasn’t forged or spoofed.
• Double-clicking the “lock” icon on a website will display the security certificate for the website. If the certificate isn’t displayed, or you get a warning message that the address of the website does not match the certificate, do not continue.
• Typically, phisher emails are not personalized, but they can be. Valid messages from your bank and e-commerce companies are personalized. When in doubt, call the company directly to see if the email is in fact from them.
• Phishers have the ability to spoof and/or forge the https:// that you normally see on a secure Web server and a legitimate-looking Web address, which – again – is why you should always type the web address yourself instead of clicking on displayed links.

Anatomy of a Phish