Don't let phishers catch your information


By now it's no surprise that there are scams on the Internet. Everything from magical pills to offers of instant wealth fill e-mail inboxes. But every scam might not be obvious at first glance.

Phishing is the act of illegally obtaining personal information through e-mails that appear to be real. These e-mails might contain an official logo or an image from the company's Web site. But in reality it is a phony e-mail from a hacker who is interested in "catching" personal information (hence the term phishing!). According to PhishTank, a Web site dedicated to reporting and stopping phishing e-mails, there are more than 706,000 reported phishing e-mails.

What scammers are "phishing" for range from passwords to bank account numbers. According to Consumer Reports, victims lost $2 billion to phishing in 2008. The phishing scam usually starts off in the form of an e-mail. Some messages ask for a reply, others ask recipients to visit a Web site or call a specific phone number.

Josh Devers is a technical support technician at Socket, a Missouri-based phone and Internet provider. He advises Internet users to be cautious online.

"Any request at all to change or provide information is suspect," Devers said. "If anything needs to be verified, contact the company directly."

E-mail users should always view an e-mail requesting a reply or action with suspicion. "The best weapon against phishing is knowledge," according to Devers. "Being smart about e-mails can prevent Internet users from falling prey to hackers. There are plenty of simple precautions proactive computer users can take to reduce their personal risk levels at no cost besides time and effort. Start by monitoring your bank statements regularly for suspicious activity."

Other tips Devers offers include: disable links in your e-mail if the sender is not known, never fill out forms online unless it is a secure site (a padlock and https:// are two signs to look for) and regularly change your passwords.

In the attempts to make the recipient more comfortable in providing information, a phishing e-mail might direct them to a Web site. The Web site will usually look exactly like the company's real site, but it is actually counterfeit. If a link is provided in the e-mail, do not use it! Instead manually type in the address of the site, rather than clicking on the link directly. This type of scam recently circulated Facebook, a popular social networking site with 200 million active members, directing users to a login page that was identical to the real Facebook. But once the user logged in, the hacker acquired the username and password. This is valuable, because frequently people will use the same names and passwords for all Web site logins. To avoid a hacker obtaining this access, consider changing your user name and password with each Web site login. It might be harder to remember, but it would be better for a scammer to have access to one account, rather than all.

Consumers are becoming increasingly knowledgeable about the steps to take before giving out personal information. But phishing e-mails continue to evolve as well, asking readers to call a provided phone number instead of visiting a Web site. It is important to exercise the same caution via telephone as online, since hackers can easily infiltrate in this way as well. To verify you are speaking to the legitimate business, do not dial the number provided in the e-mail. Obtain the number from your records, or go to the Web site to locate the number.

To report suspicious e-mails, visit And avoid becoming another victim by following Devers' advice by judging all e-mails that request information guilty until proven innocent.

Socket Tech Talk is provided as a service to distribute general information concerning technology-related topics. Please consult your local computer expert for information specific to your situation.