Avoid being hooked by phishing

Avoid being hooked by phishing

Phishing—Avoid Getting Hooked by Cybercriminals
Cybercriminals are currently baiting their collective hooks in anticipation of reeling in your hard-earned money and gutting your identity. Will you wind up as a prize trophy or the one that got away? “Phishing” refers to hooking people online—through deceptive emails and web sites that ask for private information, usually financial passwords or account numbers. These emails and phony sites can appear very authentic. Unless you follow the proper precautions, it can be very difficult to tell what is safe and what isn’t. We’re here to shed some light on this shadowy practice and help you avoid the phishing hook. Just follow these helpful tips:
Don’t Follow Links Asking for Information – Phishing emails are stuffing inboxes everywhere. Some telltale signs to look for include vague salutations like “Dear Account Holder,” along with a dire warning to “take action immediately.” They also typically arrive proclaiming themselves to hail from your financial institution. Maybe they’ll ask you to resubmit or confirm your password. Perhaps it’ll be your account number.
But no matter how authentic the email may appear, do not respond. Instead of following a link in an email or an online advertisement, type in the address of your bank or financial institution directly into the address line of your browser. It is still safe to bank and shop online, you just need to make certain that the site you are banking on is actually your bank, and not a decoy. If you have a problem logging into your account, call your bank or credit card company first, and ask if there are any issues with your account – and ask for a password reset. The point is, there is no reason for a bank to email you to ask for your account information. After all, they already have it. Why wouldn’t the company just call you?
Be Suspicious of Hidden URLs – If an email prompts you to click on a link, be aware that the URL may be different from what you think it is. Therein lies the potential for a con.
Some links can be shortened using sites that reduce long URLs (or “Uniform Resource Locator,” the “WWW” address you use to visit Internet sites) into shorter, more manageable ones. It’s a helpful, legitimate service, but one that can be used by the bad guys to obscure a link’s true location. Other URLs might appear legitimate, but a subtle character change or space is all it takes to lead you to a phishing site. Be aware. Never reply to an email with your financial or personal information.
Change Your Passwords Periodically – Yes, we hear you: Memorizing passwords can be annoying. But it’s a vital part to remaining secure online. Far too many of us rely on easy-to-guess passwords and stick with them for years. Drop this bad habit ASAP. Create passwords that use letters and numbers with both upper and lower case characters thrown into the mix.
Think you’ll never be able to remember them? A good, secure password management system can help alleviate the pain, keeping track of all of your logins and shielding them from prying eyes. (Both Norton Internet Security 2010 and Norton 360 have this function.) Remember: The greater the complexity, the stronger the security—something especially important for financial sites.
Check Your Financial Accounts Regularly – Reading your monthly statements may not top curling up with the latest bestseller, but a few minutes here can avoid hours of headaches later.
Check to see if there are any suspicious charges or debits present. If so, inquire about them immediately. Often, these charges turn out to be benign (one placed by your spouse, a forgotten purchase, etc.). But if they aren’t, you need to alert your bank or credit card company right away.
Cybercriminals are relying on people being complacent. Don’t fall into their trap. If your information has been stolen, the sooner you report it, the better. Go to the Federal Trade Commission’s Identity Theft website for more information on how to do this.
Get Alerts to Phishing Sites and Stay Safe
Just as plants need water and sunshine, phishing has its own requirements to flourish—online security naiveté and lack of software protection. By taking these hints to heart, you’ll take a huge step forward in remedying the former. Now, it’s time to button up the latter. Norton Internet Security 2010 provides real-time protection against phishing. It blocks phishing Web sites and authenticates trusted sites automatically. With it protecting you, the phisherman’s hook will always remain empty and your information safe.

The holidays seem to be a particularly busy time for hackers and those who practice phishing.. the art of luring people into clicking links or responding to e-mails that are not legit.  Here at ESG we get asked many, many questions about phishing.. everything from how it works to how to prevent it in a workplace.  To help answer these questions, we have compiled the information below based on our experience and advice from leading anti-virus companies like Symantec.

Background
“Phishing” refers to hooking people online—through deceptive emails and web sites that ask for private information, usually financial passwords or account numbers. These emails and phony sites can appear very authentic. Unless you follow the proper precautions, it can be very difficult to tell what is safe and what isn’t.

Don’t Follow Links Asking for Information
Phishing emails are stuffing inboxes everywhere. Some telltale signs to look for include vague salutations like “Dear Account Holder,” along with a dire warning to “take action immediately.” They also typically arrive proclaiming themselves to hail from your financial institution. Maybe they’ll ask you to resubmit or confirm your password. Perhaps it’ll be your account number.

But no matter how authentic the email may appear, do not respond. Instead of following a link in an email or an online advertisement, type in the address of your bank or financial institution directly into the address line of your browser. It is still safe to bank and shop online, you just need to make certain that the site you are banking on is actually your bank, and not a decoy. If you have a problem logging into your account, call your bank or credit card company first, and ask if there are any issues with your account – and ask for a password reset. The point is, there is no reason for a bank to email you to ask for your account information. After all, they already have it. Why wouldn’t the company just call you?

Be Suspicious of Hidden URLs
If an email prompts you to click on a link, be aware that the URL may be different from what you think it is. Therein lies the potential for a con. Some links can be shortened using sites that reduce long URLs (or “Uniform Resource Locator,” the “WWW” address you use to visit Internet sites) into shorter, more manageable ones. It’s a helpful, legitimate service, but one that can be used by the bad guys to obscure a link’s true location. Other URLs might appear legitimate, but a subtle character change or space is all it takes to lead you to a phishing site. Be aware. Never reply to an email with your financial or personal information.

Change Your Passwords Periodically
Yes, we know.. memorizing passwords can be annoying and gets harder the more you have. But it is a vital part to remaining secure online. Far too many of us rely on easy-to-guess passwords and stick with them for years. Drop this bad habit ASAP. Create passwords that use letters and numbers with both upper and lower case characters thrown into the mix.

Think you’ll never be able to remember them? Use a trick by replacing letters with similar-looking special characters.  For example “@” looks like “a” and “$” like “s”.. so the password “Allstar” becomes “@ll$tar”.. that’s much better!  Now toss in something random.. like a date at the end.. and you have “@ll$tar1974”.

Check Your Financial Accounts Regularly
Reading your monthly statements may be as fun as watching the football playoffs, but a few minutes here can avoid hours of headaches later.

Check to see if there are any suspicious charges or debits present. If so, inquire about them immediately. Often, these charges turn out to be benign (one placed by your spouse, a forgotten purchase, etc.). But if they aren’t, you need to alert your bank or credit card company right away.

Cybercriminals are relying on people being complacent. Don’t fall into their trap. If your information has been stolen, the sooner you report it, the better. Go to the Federal Trade Commission’s Identity Theft website for more information on how to do this.

Summary
That wasn’t so hard now was it?   For you small business owners out there, we recommend printing this list of tips out and sharing it with your staff about once per year as a refresher.. you will help them stay safe when online at work and at home.  Your team will thank you for it.  Feel free to get creative and make a quiz out of it too.. offer a few prizes at the end to fire up the competitive juices!