Don't Get Hooked By An Internet Phishing Scam.

Don't Get Hooked By An Internet Phishing Scam. If you haven’t heard of this you have definitely come to the right place! Phishing (pronounced like ‘fishing’) is one of the most prevalent threats to your online security today. As you know, ‘fishing’ is a sport where you cast a line into water that has a hook with some sort of bait on the end of it. Unsuspecting fish, see the bait, say a nice juicy worm, and take a big bite. Unfortunately, along with the juicy worm is a sharp hook. You know what happens next to the fish in this story.

‘Phishing’ is a similar sport except you are the fish. A phisher uses email as the line and an urgent message as the bait to catch unsuspecting online users.Here’s how phishing works:The unsuspecting fish (you) receives an email (the line) that looks like it comes from someone you would likely trust such a bank, online store, the CIA or even your internet service provider (AOL, EarthLink, NetZero, etc).

The email message has an urgent message (the bait) that says that something has occurred that requires you to ‘immediately’ respond. The most common message is that your online account has been accessed fraudulently and you must provide information to keep your account from being closed. The email will have a link to click or a form to fill out. If you click the link you will be taken to a site that looks just like you would expect from your trusted site. Here’s where you, I mean the fish, gets yanked out of the water and end up flopping around on a boat… The site you go to is actually a ‘spoofed’ (fake) site.

A criminal somewhere in the world has taken over a website somewhere else in the world and created a site to look just like the real one. So that site that says ‘Welcome to Your Bank… Login here’ and looks just like your bank’s website it is really only a cover for a criminal. Any information you enter on this site, such as a user-id, password, credit card number, PIN, address, etc. is now in the hands of the phisher and every other criminal in the world willing to pay a couple of bucks (or Euros, Yen, Rubles, etc) for it.

The phisher can now access your online accounts, charge items to your credit card or attempt Identify Theft. Now you know what the fish feels like… How do you avoid being ‘hooked’ by a phisher?As a rule of thumb NEVER, NEVER respond to an email that is asking for personal or financial information unless you can verify its authenticity through another source. Assume the request is FAKE until you can verify it. Even if it appears to be from a known party, such as your bank or online service, call a customer service number that you get somewhere other than from the email to verify.

If customer service doesn't recognize the email, just delete the message. Never open files attached to emails unless you can verify the source. Unfortunately most spam attachments contain viruses that can destroy your PC or steal your personal/financial data. Install free Phishing detection software. Many online services such as PayPal (, eBay (, Amazon(, Bank of America ( and others now have free tools for their customers.

You can also try free software from McAfee( or Symantec ( that will alert you if the site you are on might be dangerous. Consider upgrading to Microsoft Internet Explorer 7 or another browser that has built in phishing detection. Don't end up dangling at the end of a phishers line.Aubrey Jones is President and founder of Riverbank Consulting, Inc. Since 1996 he has worked to protect internet banking clients for one of the top US financial institutions.

