On April 1st, pranksters will be playing practical jokes on friends and family members, and although amusing and sometimes annoying, such pranks are usually harmless. However, every year millions of people learn the hard way that not all hoaxes are in good fun. Every day is April Fools’ Day to online scammers and phishing is their favorite joke to play.

Phishing is the act of tricking Internet users into divulging personal information such as financial data, credit card numbers, account usernames, passwords and social security numbers. Online scammers often send emails or instant messages (IMs) that appear to be legitimate and include links to a fraudulent Web site. Once you’ve been hooked by a phishing scam, “phishers” can use personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.

To prevent becoming a victim of such scams, it’s important that you take proactive steps to protect yourself. Make sure to use trusted products that offer anti-phishing, spam and security features. Products like Yahoo! Mail and Yahoo! Messenger provide free, award winning spam and security tools. To keep you safe from phishing Web sites, use a Web browser with anti-phishing detection. Both Internet Explorer and Mozilla Firefox web browsers have free add-ons that can help you detect phishing sites.

Identifying A Phishing Web Site

If you are suspicious don’t sign in. Rather, open a new browser window and go to the main site address and navigate from there.

1. Check the Web address
Just because the address looks okay, don’t assume you’re on a legitimate site. Phishing Web sites often contain a common misspelling of a company name.

2. Pop ups
Be careful if you’re sent to a Web site that first displays a pop-up window asking you to enter your user name and password. Phishing scams may direct you to a legitimate Web site, but then use a pop-up to gain your account information.

3. Look for your personal sign-in seal
Because online scammers create fake Web sites that look like those of legitimate companies, it can be hard to tell that you are on a phony, or “spoofed,” site. As a result, some Web sites including Yahoo! allow you to set up a sign-in seal. A sign-in seal is an image or secret message that you select to appear when logging in to a legitimate site. Once you’ve set up a sign-in seal, it should appear every time you visit that site. If your seal does not appear, beware: You could be on a fraudulent site.

How To Identify A Phishing Email

1. Urgent action required
Fraudsters often include urgent “calls to action” to try to get you to react immediately. Be wary of emails containing phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.”

2. Link to a fake Web site
To trick you into disclosing your user name and password, fraudsters often include a link to a fake Web site that looks like (sometimes exactly like) the sign-in page of a legitimate Web site. Usually the lower right corner of your browser will show you exactly where you are going. Watch for misspellings such as Yaho, eebay, and shwab,

3. Legitimate links mixed with fake links
Fraudsters sometimes include authentic links in their spoof pages, such as to privacy policies and terms of service pages for the site they’re mimicking. These authentic links are mixed in with links to a fake phishing Web site in order to make the spoof site appear more realistic.

4. Marginal grammar
Suspicions should also increase if there are obvious grammatical errors or non-standard uses of English. Bad grammar is a strong indication of a fraudulent site.

What To Do If You’ve Fallen For A Phishing Scam

1. If you think you’ve entered your ID and password into a phishing site, open a new browser window, manually type in the Web address of the site in question, log in and change your password.

2. Contact your financial institution immediately if think you’ve given out account information to a fraudulent site.

3. If you’ve received a suspicious email or IM, report it to Yahoo at phishing@cc.yahoo-inc.com, the Federal Trade Commission (FTC) at spam@uce.gov and the company in question.

For more information about online security, visit the Yahoo! Security Center at http://security.yahoo.com

Courtesy of ARAcontent

Trackback URI | Comments RSS