Over the past few years, malicious internet and e-mail activity has increased exponentially. Included in this malicious activity are phishing scams. The following article discusses the definition of "phishing" and provides information and best practices on how to avoid being taken in by these scams.
Phishing is the attempt to gather private information, such as usernames, passwords and credit card details, by impersonating a trustworthy source via electronic communication.
What are some best practices to protect yourself from falling victim to phishing scams?
- Never assume the e-mail sender is who they say they are.
- Never reply to an e-mail with your full credit card details.
- Never submit private information via a webpage linked to from an e-mail.
- Always log into your vendor accounts as you normally would and NOT by clicking the link in the e-mail.
- Always call vendors of yours by the phone number on their main website, NOT from a phone number in the e-mail, or on a site linked to from the e-mail.
- Follow your gut. If it doesn't seem right, assume it's not and verify by standard communications with your vendor.
How to Identify That You're on a Secure Site
The following screenshots give you an idea of how several major web browsers identify a secure site. Make sure that you are familiar with how your web browser identifies this situation as it can indicate if your data is being transmitted securely or not.
Internet Explorer identifies a secure page with a green bar and a padlock symbol.
Mozilla's Firefox browser may differ based on the theme, but you will see a padlock next to the "https:" portion in gray before the URL.
Google's Chrome browser follows the same convention as the Internet Explorer in using a green bar and padlock.
If you're running an Apple computer, then you will most likely be using the Safari browser. They indicate a secure page the same as Internet Explorer and Google Chrome, using a green bar and padlock symbol.
Identifying Links Within an Email
Phishing e-mails will often be "spoofed" to appear as if they are coming from a trustworthy e-mail address, but upon closer inspection they are not. If you are looking at an email and something doesn't seem right, make sure to look at the email header in full. You will be able to identify the source of the email in the header. In some cases it may be using an IP address to disguise its point of origin.
A good rule of thumb is to confirm that the link you're clicking on within an email matches the domain you're expecting. (i.e. If your vendor's website is "myinsurancevendor.com", a phishing e-mail may send you to a malicious link similar to: myinsurancevendor.com like otherinsurancevendor.com/paymentinfo).
Make sure that you carefully scrutinize links that you use within an email. If you are not 100% sure of the source of the email, then you should not click on the links provided within the email. You can identify the URL used inside an email by hovering over the link. Here's an example:
If the URL of the link looks like it's at least going to the correct domain name, then the link is typically okay. However, if you have any doubts, don't click on it. If you require further assistance with this issue, please contact our technical support team available 24/7.