Phishing Atempts and Internet Security

Companies globally spend hundreds of billions of dollars every year for hardware and software to protect their data. And, they spend even more time educating their employees about the dangers of computer viruses, malware, and spam. Companies also make substantial investments on antivirus and Internet security.

In the end none of this matters when all it takes is one well crafted phishing email that directs an employee to a bogus website. Known as social engineering, this type of crime is feared by corporate security staffs globally.

Phishing email messages like the one below might fool you into believing it was really from the Internal Revenue Service (IRS), especially after you recently had visited a government website, or if you actually pay your taxes over the Internet. At second glance, you'll notice the spelling errors, and bad language in the subject line. It looks like this...

"Subject: Your Federal Tax Payment ID: 01037591804 has been not accepted. THE EAISEST WAY TO PAY YOUR FEEDRAL INCOME TAXES. WARNING!"

Any phishing attempt is designed to steal your identity because masquerading as a legitimate entity is a great way to obtain personal and company confidential information. Phishing emails and instant messages use social engineering and typically require recipients to click on a link in order to verify or update personal information.

Phishing emails are pretty basic with these traits: they use a scare tactic or a message of urgency where they will either ask for personal data or direct you to website or provide a phone number to call, where they will ask you to provide personal data.

These messages can take on many different forms, but a phishing email usually appears as if it is coming from a legitimate company that you might do business with - such as your bank, or eBay. Nowadays you may even see phishing attempts related to one of the many social networking sites like Facebook or Twitter. People are easily tricked because some phishing attempts often include company logos that appear real or official.

Most phishing emails are easy to spot because of the poor grammar and spelling errors, however, there are increasing amounts of phishing emails that display official corporate logos and professional copy that make them appear very legitimate. Just like spam, phishing emails are sent to millions of email addresses in an attempt to "fish" for only a few people that will be fooled.

Scammers try to make phishing email messages look even more legitimate by placing a link in them that appears to go to a legitimate website. In reality, if you click on the link, it will take you to a fake website or a pop-up window that looks exactly like the official website, so don't be fooled. Loook closely.

Most legitimate businesses will not ask you to send passwords, login names, social security numbers, or any other personal information through email, which is why you're often directed to a fake website. And, they will never threaten you with account closure or account lock down.

You may have seen the lottery scam -- a very common phishing scam known as advanced fee fraud -- where a message claims that you have won a large sum of money, or that a person will pay you a large sum of money. These lottery scams often refer to large companies, like Microsoft.

Phishing attempts and the links in them will almost always use a directional phrase such as "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website.

If you get a phishing link urging you to click in an email message, on a website, or in an tant message these often contain part of a real company's name and they are usually masked -- the link you see does not take you to that address but somewhere different, usually an illegitimate website.

One way you can tell if it is legitimate or not is by "mousing over" (hovering, but not clicking)your mouse pointer over the link, and as in the example below. Note the real web address, appearing in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address. .

Many scammers today also use web addresses that resemble the name of the company but that are slightly altered by adding, omitting, or transposing letters. For example, the address "www.microsoft.com" could appear instead as "www.mircosoft.com"

The reason why you should care about phishing is because it can put personal identities and corporate information at risk. Today's phishing schemes sometimes include details about your personal information that scammers can find on your social networking profile pages. Spear phishing is an attack in which an email message appears to come from a colleague or employer who is sending a message to everyone in the company.

In order to tell for sure if an email message is a phishing attempt, the first line of defense is a good Internet security product to protect you from ID theft, risky websites, and voluminous spam.

It is essential to keep PCs and servers current with the latest software updates and patches; minimize exposure to vulnerabilities by applying the latest security updates and patches to your software programs and operating systems; and always enable automatic updates where possible.

Educate employees -- make sure employees are aware of spam and how they can help prevent it. Maker sure they never provide personal or confidential information in response to unsolicited email or IM requests.

Also, be sure to set up a firewall to control the data coming through your ports.