Tuesday, July 21, 2009

Avoiding Getting Phished

Last night I was checking my email when I saw a notice from one of our banks. It was along the lines of "You have locked yourself out of your account. Click here to reset your password." I clicked and the reset form asked for my user name, password, and answers to all of my security questions.

Generally it's pretty easy for me to spot these emails, but this is an account in my name where my husband manages the credit card. At least twice in the past 8 months he's locked himself out. So I asked him if he had issues logging in that day. He said no.

I went back to the email to look for an easy way to detect phishing emails-the email address. Usually the crooks who are phishing for your information create an address and domain that would make it sound like it's the bank. They may make an email for Wells Fargo @wf.com or a Chase credit card account @chasecc.com. Most banks/cards use their full name. If you're not sure look at an old (verified) email from your bank.

My next step is always to call the bank that the email pretends to be from. They can confirm/deny the validity of the email. They can also give you the email address to forward your email, helping their tech people to track down the criminals. Forwarding the phishing emails also alerts the bank/institution to a problem so they can warn their customers.

The quick and dirty version:
  • Don't click through an email and enter account information
  • Check the email address to see if it's actually from your bank
  • Call your bank to double check the email
  • Get the email address to forward phishing email to the tech department at your bank

No comments: