In phishing scams, the scammer uses a lure or bait, often in the form of an email but also possibly in other ways, to try to “catch” a gullible person and trick him or her into revealing personal information. The information sought is often a user name and password, a credit card number, or a Social Security number, and the intent is generally profit or identity theft. Phishing protection refers to the steps one can take to protect oneself from phishing scams.
Phishing protection includes being aware of the ways in which a phishing attack can be launched. Besides email, phishing can be attempted in a text message, a social networking post, a website link, a chat room, a message board, and fakes in the forms of banner ads, job search sites, and browser toolbars. It’s also important to be aware of what’s in the address field of the browser on two counts. One is to check for https:// rather than http:// when using a secure site. The other is to check the favicon if you use the Firefox® browser: the favicon on secure sites is large and green as a signal that the site has a valid SSL (Secure Sockets Layer) certificate, and this is verified by clicking on the favicon. In addition, both the Firefox® and Microsoft® Internet Explorer® 8 browsers are programmed to alert users to potentially dangerous websites and use a padlock symbol to designate safe sites.
Phishing protection also includes strategies for handling suspicious email. One should never send personal information through unprotected email, and no upstanding business will ever ask for information this way. In addition, one should not click on email links or fill out email forms as a general rule, especially when an email carries an implied or explicit threat about what will happen if you don’t supply the information. Upon receiving a suspicious email that purports to be from a business, it’s a good idea to read carefully for typos, misspellings, and non-standard usages, any of which can tip you off to a phishing attempt, and make contact with the purported sender by phone as a way of checking validity. Keep in mind that spear phishing may use the name of a colleague or trusted person within an organization, so don’t rely on the ‘From’ indication to determine whether an email is safe.
Spam protection, as well as anti-virus and anti-malware software are also useful approaches to phishing protection. A firewall on one’s computer and/or router is also helpful. Finally, reporting phishing attempts to the organization that was being imitated and your ISP (internet service provider) is a good way to help prevent future phishing attacks.