Spammers, hackers, and other online “evil-doers” often try to convince you to give up private, important info — like your bank account, credit card, password, or other secret information.
To help avoid getting caught in a so-called phishing attempt, pay attention to these tips from Stanford’s Secure Computing site (http://www.stanford.edu/group/security/securecomputing/phishing.html):
Vigilance is the only defense against social engineering. Look for these markers to know you’re getting ready to divulge too much:
- “Here’s your big chance to play the new fantastic version of the [xxx] game!” The link, of course, goes somewhere where they will extract some private information (real name? a password that might work somewhere else? your birthdate in order to prove you are ‘old enough’ to play, etc.). This really is the #1 rule: Avoid clicking links people send you instead of using a search engine to find the proper link.
- Anything that sounds too good to be true probably is. It is unlikely that you have won the Irish Sweepstakes, even if you elect to send in a $1,000 security payment.
- Any solicitation you get in email that you did not request – even from a trusted friend – should be discarded immediately. No reputable company works this way.
- Email with misspelled, mispunctuated, or bizarrely formatted text is almost surely a scam.
- If something feels like it requires action, confirm via telephone with someone you know (or at least can verify, e.g., by calling the corporate headquarters) before you send money. A recent scam asks for money because your best friend (or aunt or grandmother or …) is caught in Europe (or some faraway place) and can’t return until they pay bail, or a fee, or some other money-requirement. You, the trustworthy friend or relative, can help them! Call them at home to make sure they’re not there before sending money.
- Any time you are getting ready to feel good about giving away some money or information, think twice: Why am I really doing this? Do I know who is on the other end of my bequest? “Hey, John, please remind me of the combination to get into the machine room.” Who is really asking?
- “Please come back to FaceBook!” The link, of course, goes to a FaceBook look-alike which presumably reaps your name and password. Avoid clicking links people send you instead of using a search engine to find the proper link.
- “Please call this number to verify [xxx].” You’ll get a recording asking you to leave all sorts of useful information. Don’t even think of calling telephone numbers you can’t verify (perhaps by checking a phone book or institutional phone list) sent to you unsolicited in email.
Keywords to avoid: verify, account, won, lottery, respond [now, quickly], or you will suffer [some horrible thing]. See these? Click delete.
- Vishing: These same pitches and scams work in airports, for panhandlers, and all sorts of non-computer scammers, too, by the way. They even work when people call you on the phone! “Hey, Jill, this is Ralph over in accounting. I’ve forgotten [xxx], can you help me out?” Look up their number and call them back.
- SMSiShing: Same idea for text messages on your phone. Don’t believe a bank will text you; call them on an independently verified number.