Phishing

From WOT Wiki
Revision as of 21:10, 8 May 2010 by Bob Zenith (talk | contribs)
Jump to: navigation, search
A typical phishing email

Phishing is the term used to describe the process of attempting to fraudulently acquire confidential information such as user-names, passwords and credit card numbers by pretending to be a trusted organization that the user recognizes.

Phishing is usually carried out using e-mail or instant-messaging services, and pretend to be from an organization that is well known to the user, such as a bank, online payment processor (e.g. PayPal), auction site (e.g. eBay), social networking site (e.g. Facebook), or even the IT administrator of their employer or ISP. These Phishing communications will typically direct users to enter their details at a fake website which bears a strong resemblance to the website of the organization they are masquerading as.


Dangers of Phishing

If a user enters details into a phishing website, such as their user-name, password, or other confidential information, it will most likely be used by criminals to steal their identity.


How to Protect yourself from Phishing

Have good email habits: Do not open any attachments, and do not respond to the links in an unsolicited email, instant message, or chat.[1]

Protect your sensitive information: Do not give your Personally Identifiable Information (PII) to anyone, whether it be over the phone or through email, unless you are sure that they are who they claim to be and that they should have access to the information; also make sure your connection to the website is encrypted.[2]

Have an updated Anti-Virus and Firewall: An Anti-virus software and firewall are essential in order to protect yourself from Phishing, Malware, and other threats. Also, keep your browser up-to-date and apply all security patches.[3]

Look out for Warning Signs: When visiting a website, be sure to look for certain "warning signs". Phishers tend to use emotional language (ie: scare tactics) to get you to buy or download their product. Also, if a "trusted organization" asks you for Personally Identifiable Information (PII) in an email or instant message, they tend not to be legitimate.[4]


Consult the WOT Scorecard: Allows you to see if the site has been listed on any blacklists.[5]