- How to tackle phishing...
In light of the recent iPad scam, where some AOL users received an email purporting to be from AOL's Vice-President, we thought it would be useful to give you some more information about online swindles and how to avoid them.
Phishing is the name given to the practice of sending fraudulent emails and the reference to the sporting activity is a good one.
The purpose of phishing messages is to lure you into divulging personal information, such as passwords and credit card details, that can be used to gain access to your secure accounts. The message tries to hook you with tempting bait, such as the possibility of a free iPad or by making you believe that you need to update your account information.
Just as a real fisherman uses a plastic lure that for a fish looks like its regular source of food, so phishing messages often pretend to be from your regular correspondents, such as your email provider or bank, in the hope that you'll take the bait.
How to spot a fake source
There is a very simple way to immediately tell if an email from AOL is genuine or not. All official correspondence from AOL features an AOL Certified Mail stamp, so if an email doesn't carry this, it's not from us.
Your bank and other institutions may have similar identification marks on their official correspondence, so always look for one before taking action on messages you receive.
Another way of recognizing legitimate messages is to look for specific details about you that the genuine organization would know. Being greeted by your Username is a good sign; a message beginning "Dear Bank Member" is not.
Banks often include the last four digits of your credit card or account number in correspondence – just make sure you're not looking at the first four numbers as these are usually the same for many customers.
But even these specific details can be obtained by phishers and certification stamps may be replicated. So it's always a good idea to apply some common sense to your inbox.
Beware Greeks bearing gifts:
The old aphorism may seem harsh on the very generous people of Greece, but its origin is the ancient Greek story of the Trojan horse. According to the legend, a Greek army invaded the walled city of Troy by hiding soldiers inside a large wooden horse that the Trojans, believing it to be a gift, brought in through the city gates.
The moral of the story still applies today. If something seems too good to be true – yay! our enemies have left us a giant statue as a present, or yay! a Nigerian prince wants to share his fortune with me – it probably isn't.
Spiking your links
Always be wary of emails that ask you to sign-in or enter personal details via a website link. It is very easy to spoof a link, so clicking on an organization's official URL could actually redirect you to a different website, which may even look like the real thing.
A good way to ensure that the link and the destination site are the same is to hover your pointer over the link and look at the bottom left of your browser. Most browsers will show you the actual link.
Another common trick is for a link to look like the genuine article but with a subtle difference. So it might be .net instead of .com, or www.citybank.com and not www.citibank.com.
Emails or onscreen text from AOL asking you to log in to your account should never contain a link, but instead will direct you to manually type myaccount.aol.com into your browser.
If in doubt, don't click the link. Try typing the URL into your browser or using a search engine to find the organization's genuine website.
The same is true for attachments, which can transmit viruses and malware to your computer when opened. If you don't know the sender never open an attachment, unless you are certain it is genuine. If you receive an odd-looking attachment from a friend, reply and ask them to confirm that the attachment is virus-free.
Emails from yourself
Similar to spoofed links is spoofed email addresses. You may receive an email that looks like it is from one of your contacts, or even yourself, that contains suspicious looking content.
It is possible that hackers have gained unauthorized access to your account, but it's more likely that your address has been spoofed and the email is actually from another source.
A good way to avoid spoofed messages from yourself is to delete your own email address from your Contacts. This increases the likelihood that your spam filters will catch these phishing mails.
For more information, check out our previous post about spoofed email addresses.
Mark as spam
If you receive an email that you believe to be a phishing message, never reply to it. Don't even try and unsubscribe from the mailing list. Doing so only lets the phisher know that your account is active and you are likely to receive even more spam.
The only thing you should do is to mark the message as Spam. This helps improve your filters and prevent even more junk mail from reaching you.
For more information, see our previous post about Spam Settings.
Phishing doesn't just happen over email. In fact, social networks are fast becoming the primary targets of phishers, particularly because people tend to be far more open and trusting when using Facebook than when they are in their mailbox.
Instant Messaging is also a target, so if you use AIM or other IM services, be vigilant.
Your password is your security
The best way of ensuring your online security is to always keep your passwords secret.
No legitimate organization should ever ask you to supply your password over the phone, by email or IM, or via a social network. Only enter your password on encrypted sign-in pages or digital forms. Look at the domain name: it should start with https:, as opposed to http This indicates that you are on a secure site.
And while it's nearly impossible to create and remember different passwords for every single site you sign in to, it is advisable to ensure that the really important passwords for your email and bank accounts, are truly unique.
This way, if someone discovers your password for something as harmless as your fantasy football sign-in, at least they can't access your bank account with the same secret code.
Use common sense
All of this information might suddenly make the internet seem like a much scarier place, but it doesn't have to be. Simple common sense is usually enough to steer you clear of the phisher's hook and ensure you don't end up as the catch of the day.
Compliments of The AOL Mail team
OF PALM SUNDAY, DONKEYS, FICKLE CROWDS AND POETRY by gillyk Today's Palm Sunday, which for us started in the teeth of a...
Image by Lorenzoclick via Flickr Bless them all by paulinemom
Image via Wikipedia Magic mushrooms fuel crime spree Magic mushrooms fuel crime spree Jail time for a 21-year-old man who went on a vio...
Open invitation to join GBE 2 Blog On - FB Blogging Group Open invitation to join GBE 2 Blog On. - FB blogging group Guest post...
Peppermint tea (Photo credit: Wikipedia ) Peppermint tea has a number of healing properties... by Bar...
The Kiwi Bull Run - gotta get a way from this big black bull... Jellen's Blogevolve Writing Challenge - My childhood m...
Singalong with Fred Dagg... http://folksong.org.nz/gumboot/