Don’t Get Caught When Others Go Phishing
September 19, 2009
The email looks official… PayPal is telling you that you have to log in to unfreeze your account, or to update your information, so you click the link and enter your password on the website that comes up. In almost every case, you should not have done so. “Phishing” emails are almost more common than email viruses. People set up fake websites that look like real websites and prompt you to log in. When you do, they have your login information and can log in to your real account. The most common versions of these at the moment are messages that appear to come from PayPal or a bank. There are several ways you can guard against getting taken in by these emails.
- Don’t click on links in email
Unless you’re absolutely sure you know who the email is from, and were expecting it, don’t trust the link. If you were expecting the message, and it’s personalized rather than something that reads like a form letter, it’s more likely to be okay.
- “Mouse over” before clicking
What you see is not always what you get. The link destination does not need to be the same as the visible text on the screen. Most email programs let you move the mouse over a link (without clicking) and give you some information about that link, usually in the lower left or right corner. The address you see there is more likely to be the actual address than what you read in the message itself.
- Type the address yourself
Though it’s more of a pain, you’re safe when you type an address into a browser yourself rather than just clicking. That way you’re more aware of what address you’re actually entering, and you can’t be tricked by a bait-and-switch.
- Access your accounts your regular way
If you have a PayPal account or online bank account and receive a message about your status or some other problem, access your account the way you typically do rather than through a provided link to see if there really is a problem.
Just because you see part of the address that looks official doesn’t mean it really is. For example, the following address has nothing to do with PayPal:
Many people see the “paypal.com” part and feel reassured. However, it’s the last two parts of the address before you start seeing any slashes that are the most important. In the case of this example, the website you’d be going to would be recoverbalance.net and could be owned by anyone. It’s fairly easy to duplicate the design of a website, so the address is an important way of knowing where you really are.
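Both checks described above, comparing a link's real destination with its visible text and reading the last two parts of the host, can be run over an HTML message automatically. The following is an added example, not part of the original article; the function names and the sample message with its `account-check.example` host are constructed for illustration, and it assumes two-label site names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def site_of(address):
    """Last two dot-separated labels of the host, the rule described above."""
    # Assumption: two-label site names; co.uk-style suffixes need the Public Suffix List.
    if "://" not in address:
        address = "http://" + address      # let urlsplit find the host in a bare address
    host = (urlsplit(address).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):           # gathers (href, visible text) for each <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, expected_site):
    """Return (href, actual_site, reasons) for each link that fails a check."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        actual, reasons = site_of(href), []
        # The "mouse over" check: visible text is an address naming another site.
        if "." in text and " " not in text and site_of(text) != actual:
            reasons.append("visible text names a different site than the link")
        # The "last two parts" check: expected name is in the host but not at its end.
        if expected_site in (urlsplit(href).hostname or "") and actual != expected_site:
            reasons.append("expected name is only a prefix of the real host")
        if reasons:
            findings.append((href, actual, reasons))
    return findings

# Constructed sample message; account-check.example is a made-up host.
SAMPLE_EMAIL = """<p>Your account is frozen:
<a href="http://www.paypal.com.account-check.example/login">https://www.paypal.com/unfreeze</a></p>
<p><a href="https://www.paypal.com/help">Help center</a></p>"""
if __name__ == "__main__":
    for href, actual, reasons in check_links(SAMPLE_EMAIL, "paypal.com"):
        print(f"{href} -> really {actual}: {'; '.join(reasons)}")
```

Only the first link in the sample is reported, for both reasons; the genuine help link passes.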
Another important way to be safe is to make sure you have functioning firewall and anti-virus software in place on your computer. Avast has a great track record in preventing infection, and also works with your browser to prevent connections with pages that attempt to download software to your computer without your knowledge. Better yet, it’s free for personal use.