Web Page Phishing and Identity Theft

What is Phishing

Phishing is a particularly popular scam in which a party creates an official-looking web page that asks you to provide your username and password, or other personal information such as your Taxation number, bank account number, PIN number, credit card number, or mother's maiden name or birthday. The Phishing web page is generally an exact copy of an official web page in which you might normally enter this information.

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet.

In most cases, you'll receive a link to this phishing page via an email which claims to come from an official-looking (but probably forged) address.

You can also end up at these pages by following links that you find on the web or in Instant messages.

You will asked you to click on a link in the email. The real URL of the Phishing web page is generally hidden behind a printed text version of the URL for the copied web site. Clicking on the link will take you to the (hidden) URL of the Phishing Site.

How can I avoid Phishing Web Sites and Identity Theft?

  • Be suspicious of any email with urgent requests for personal financial information
    • you can't be sure that a normal email wasn't forged or 'spoofed', even if it appears to be from a regular correspondent
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, taxation numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic.
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web adress in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
    • Phishers are now able to 'spoof,' or forge BOTH the "https://" that you normally see when you're on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
    • Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a 'safe' site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
  • Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the URL address line in your browser. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm?" Be aware of where you are going.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
    • The newer version of Internet Explorer and Firefox includes this tool bar.
    • Ensure that your browser and operating system is up to date and security patches applied