How To Catch a Phish
October 10th, 2007 by Liz Fuller
Researchers and students at Carnegie Mellon University have created a new online game that teaches players how to recognize phish - fraudulent email that is trying to get password and account information.
The game is fun to play and I actually did improve my ability to spot fake urls and email addreses as a result of playing it. Plus if you take the survey now and then return a week later to take the survey again, you are entered into a drawing for a $100 raffle.
The potential reward could be much greater than the $100 prize, if it prevents you from being a victim of identity theft. I don’t know about you but it seems I have been getting a lot of phishing emails in my inbox lately.
Some are easy to spot as they are from banks I no longer even bank with. Even so, I get concerned when they threaten to “cut off my ATM usage” if I don’t click on their link and reset my password information. Instead, I forward them to the Federal Trade Commission: spam[at]uce.gov and delete them from my inbox as quickly as possible.
Others pretend to be from ebay and paypal, services I do use on a more regular basis. For these, I also forward them to the spam research site for these services ( spoof[at]ebay[dot]com and spoof[at]paypal[dot]com) . I know that it helps these services to shut down some of these fraudulent sites more quickly.
The following are some tips to follow to avoid being caught in a phishing scam:
- Respond rather than React; Don’t panic if you receive an email that threatens urgent consequences if you don’t provide account or other personal information. Instead:
- Enter the company’s URL directly (don’t click on a link in the email)
- Find a contact phone number or email
- Initiate contact with the company yourself
- Remember, legitimate businesses such as your bank or ebay are not going to send you a letter requesting personal information online
- Limit the amount of personal information you provide; this includes on forms and in social network sites; while not sharing your social security number might seem obvious, consider whether you really need to share your phone number, mailing address, date of birth, etc.
- Use a secure password; Use a different password for financial sites than for non-financial sites. Change your password every few months. Use a combination of letters and numbers; Don’t use your name or the name of a loved one; Avoid the most commonly used passwords:
- password
- 123456
- qwerty
- abc123
- letmein
- monkey
- myspace1
- password1
- link182
- (your first name)
- Separate your email accounts; Use a separate email account exclusively for financial transactions - banks, online purchases, etc.
- Watch for signs of attack; Keep an eye on your credit card and bank card statements to ensure that all transactions are legitimate. If you suspect fraud, contact your bank or credit card company immediately.
As Women Entrepreneurs, we increasingly use online services to run our businesses - making purchases, selling services, and managing our finances. While online commerce is still very safe and the incident of identity theft is still low, it is wise for all of us to be aware and to protect ourselves and our hard-earned money.
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
This entry was posted on Wednesday, October 10th, 2007 at 12:04 pm and is filed under identity theft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
October 19th, 2007 at 6:43 am
[…] phrase, or page —>>> … Your Text Ad Here … Contact Me for Details … Liz Fuller presents How To Catch a Phish posted at More Than WE Know, saying, “While e-commerce is still pretty secure and identity […]
October 31st, 2007 at 6:06 am
[…] a followup to my article on phishing, I thought I’d share this recent example I […]