We all know how annoying SPAM can be – filling up your inbox with useless information and ads.  Unfortunately there is a type of SPAM that is more than just annoying.  It could lead to theft of your personal information, credit card numbers, banking information, and passwords.  This is called Phishing.

Phising (pronounced fishing), is a form of deception that works on getting personal information from you.  How does it work?  Most commonly, you will receive an official looking email or web pop-up, from banking, credit card, or other institution that deals with money (PayPal is a favorite target).  The email may state that there is a problem with your account or simply request reaffirmation of your account status.  You will be given a link to click on to submit your information.  Upon clicking on the link you will be presented with a web page that looks remarkably like the company’s web site.  In reality you have been redirected to the criminal’s fake web site.  Any information you enter, login/password, is captured and the criminal now has you information to log into the real site and steal your information and/or your money.

There are steps you can take not to be hooked by these scams!

• Do not click on any links in an email, especially from unknown sources.  If you really want to check out the link, manually type it into your web browser.  Better yet, pick up the phone and call the sender.
• Use spam filtering.  The use of spam filtering can prevent the spam from ever reaching your inbox.  (Spam filtering is available for all users at:  http://spam.louisville.edu)
• Ensure web sites are truly secure.  When you are dealing with an online banking or financial institutions ensure the address bar shows https:// and not http:// (the s means that a third party security certificate (SSL) is in use.  To further ensure the security is legitimate click on the lock in the lower right hand corner of the browser page and verify the certificate is legitimate.  (The lock is often just a spoofed icon.)  This will help verify that the web page is truly encrypted.
• Use anti-spyware software.  We recommend the use of Microsoft’s Windows Defender.  Download for free at: http://softwareresales.louisville.edu

If your browser is hijacked, anti-spyware can often remove the malicious code.

Contributed by:
Brenda B. Gombosky, CISSP
Information Technology