Wednesday, April 15, 2009

How to handle suspicious e-mail

Phishing dos and dont's

Phishing, pronounced "fishing," is a type of online identity theft that uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.
Follow these guidelines to help protect yourself from phishing scams sent through e-mail.


1. If you think you've received a phishing e-mail message, do not respond to it.
If an e-mail looks suspicious, don't risk your personal information by responding to it.


2. Approach links in e-mail messages with caution.
Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL.

Most e-mail programs show you the real target address of a link when you hover the mouse over the link.

Before you click a link, make sure to read the target address. If the e-mail message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.

Make sure that the spelling of words in the link matches what you expect. Fraudsters often use URLs with typos in them that are easy to overlook, such as "micosoft." For more information, see Typos can cost you.


3. Don't trust the sender information in an e-mail message.

Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message.
Fraudsters can easily spoof the identity information in an e-mail message.


4. Verify the identity and security of the Web site.

Some sites feature verified identity and security information. When you visit a verified site using Internet Explorer 7, the browser address bar turns green and the identity information appears on the right-hand side of the address bar. This makes it easy to check the identity information and ensure that it matches the site that you expected to see.

Make sure the site is secure before you type. You can do this by checking the yellow lock icon on the status bar, as shown in the following example.
Example of a secure site lock icon. If the lock is closed, then the site uses encryption.

Example of a secure site lock icon. If the lock is closed, then the site uses encryption.

The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details.

Note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information.

Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following Issued to should match the name of the site.

If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave.

Tip: If you don't see the status bar at the bottom of your browser window, click View at the top of the browser, and then select Status Bar to activate it.

5. Type addresses directly into your browser or use your personal bookmarks.


If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.


6. Use an updated browser

Regularly updated Web browsers incorporate an ever-expanding set of features, such as the , Phishing Filter, designed to help protect you when you click links in e-mail messages.


7. Don't trust offers that seem too good to be true

If a deal or offer in an e-mail message looks too good to be true, it probably is. Exercise your common sense when you read and respond to e-mail messages.

8. Report suspicious e-mail.

Forward a copy of the e-mail to the faked or "spoofed" organization. In Australia contact the Australian Communications and Media Authority on sub-111383-DB892846EB0E3F9BFF6B@submit.spam.acma.gov.au


9. Don't enter personal or financial information into pop-up windows.

One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner (a "Cancel"button may not work as you'd expect).


10. Update your computer software.

Visit Microsoft Update to scan your computer and install any high-priority updates that are offered to you.

No comments: