Phishing is most common by e-mail, and if you have an e-mail account, it's all but certain that you have received a phishing e-mail. However, beware because phishing attempts can also be made in many different places such as pop-up windows, instant messages, or phone calls. The scam usually works like this:
Phisher sends you an e-mail mimicking a trusted Internet brand (we'll use XYZ Company as an example), with a message that asks you to click on a link for the purpose of updating or verifying your account information.
When you click on the link, it brings you to a site that looks like XYZ Company, but is not. If you "update" your credit card at this spoofed site, you will have just given your credit card to a criminal.
How can you protect your self?
The best way to protect your self is to use a little common sense. If someone contacts you, out of the blue, and asks for your personal information, be suspicious.
Additionally, here are some simple measures you can take to protect yourself and your business.
Use a good spam filter. Most phishing messages are easily detectable by a good spam filter and should not even hit your inbox. But beware! Even the best filters can be tricked by the phishers sometimes.
Keep your web browser updated. Current web browsers are starting to help users detect phishing. Here are links to a description of how some popular browsers are incorporating phishing detection into their browsers:
Take the Initiative. Phishers succeed when you allow them to steer you to their site and you give them information they are looking for. Don't let them steer you:
If you get an e-mail from a website asking you to click on a link to update your information, don't click on the link. Go to the homepage of the website by launching a new web browser and typing it in.
If you get a phone call from your bank asking you for personal information, tell them you will call them back. Hang up. And call a trusted customer service phone number, such as the one you find on your statement or bank's homepage.
Check the Security Certificate. Any site that collects personal data should be using a digital security certificate. A digital security certificate will appear as a small lock in the address bar of your web browser. Click on it and it will verify the name of the company that owns that certificate.