Phishing: What It Is and How To Prevent It

For the sake of continuity, this is part six of the computer security series I have been writing.

Phishing is the newest term in the computer security world that I will be discussing in this series. Over the past year or so, phishing has entered the common vernacular, and has also become a common problem.

Phishing threats are typically seen in email. The most common tactic is for the scam artist to send a fraudulent email, usually purported to be from a financial institution or well known website such as Ebay. The email’s subject usually carries something to the effect of, “account will be suspended”, or “immediate action required”.

Probably the easiest way to identify a phishing attack is the request for personal information contained in the email. Remember, your bank or credit card company is never going to ask for your username, password, pin number, or social security number in an email.

Another common thread in phishing attacks is the use of poor spelling and grammar. A reputable business certainly isn’t going to send an email that hasn’t at least seen a spell check first.

Your best line of defense is to simply delete the suspicious email. Even if an email happens to sound fairly legitimate, you still shouldn’t respond to any of the links contained in it. You can always visit the Website yourself, by typing the address into your browser as usual, then log in to manage your account as needed.

The “From” address seen on the email you receive can easily be spoofed, so don’t assume that an email is actually from that person or business.

The links contained in an email can appear to be legitimate, such as “www.paypal.com”, but can easily redirect your browser to a malicious Website. Better not to follow email links at all, and instead navigate to the Website yourself.
Phishing is a problem that isn’t going away any time soon, and will probably get much worse over time. Organized crime has apparently latched onto phishing as a new line of business, so the odds are good that phishing attacks will become more difficult to spot, and more dangerous to computer users. My best advice is to scrutinize every email, and always err on the side of caution- don’t be afraid to delete email that you’re unsure of.

Phishing is a problem that isn’t going away any time soon, and will probably get much worse over time. Organized crime has apparently latched onto phishing as a new line of business, so the odds are good that phishing attacks will become more difficult to spot, and more dangerous to computer users. My best advice is to scrutinize every email, and always err on the side of caution- don’t be afraid to delete email that you’re unsure of.

If you would like to take action against phishing attacks, I would recommend starting at the Anti-Phishing Working Group’s website. You can report phishing attacks, view common phishing attacks, and learn about more ways to protect yourself from phishing.