Phishing attacks use e-mail or malicious Web sites to solicit personal, often financial, information. Attackers may send e-mail, seemingly from a reputable credit card company or financial institution, that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
How Do You Avoid Being a Victim?
- Do not reveal personal or financial information in an e-mail, and do not respond to e-mail solicitations for this information. This includes following links sent in e-mail.
- Do not send sensitive information over the Internet before checking a Web site's security.
- Pay attention to the URL (link address) of a Web site. A malicious Web site may look identical to a legitimate site, but if the URL uses a variation in spelling or a different domain (e.g., ".com" vs. ".net"), it may indicate it is being run by someone else.
- If you are unsure whether an e-mail request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a Web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
- Install and maintain anti-virus software, firewalls, and e-mail filters to reduce some of this traffic.
- Use your junk mail filters. These are your best bet to avoid getting scam e-mail in the first place.
What Do You Do If You Think You Are a Victim?
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account. Consider reporting the attack to the police, and file a report with the Federal Trade Commission.
More Information about Phishing:
For more details on phishing and how to protect yourself against phishing scams, visit the Anti Phishing Working Group and the United States Computer Emergency Readiness Team (US-CERT), a partnership between the U.S. Department of Homeland Security and the public and private sectors.