If it is too good to be true, then trash it

The old adage, “if it is too good to be true, it probably is”, should be a rule of thumb for any Internet user nowadays. Scammers have found a new way to commit theft and the consequences can be severe for those who succumb to their lure. Internet scammers casting about for people’s financial information have a new way to hook unsuspecting victims: They go “phishing”. Phishing is a high-tech scam that uses spam or pop-up messages to deceive computer users into disclosing their credit card numbers, bank account information, social insurance number, passwords, or other sensitive information.

The e-mails sent by “phishers” are alarming in their realistic appearance. They usually send an e-mail or pop-up message that claims to be from a business or organization that a computer user would deal with – for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually addresses the user personally and says that they need to “update” or “validate” account information. Sometimes the e-mail may threaten dire consequences if the user does not respond. The message then directs that person to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the fictitious site? To trick someone into giving up personal information so the operators can steal that person’s identity and run up bills or commit crimes in their name.

Here are some tips to help you avoid getting hooked by a phishing scam:

  • A rule of thumb to remember is that legitimate companies do not ask for information via e-mail and do not threaten consequences. If you get an e-mail or pop-up message that asks for personal or financial information, do not reply or click on the link in the message.
  • Do not trust the appearance of links in e-mail messages – scammers typically use HTML (the code Web pages are written in) to make them appear legitimate but actually point to a fraudulent Web site operated by the scammers.
  • If you are concerned about your account, use the old-fashioned way and pick up the telephone and contact the organization in the e-mail using a telephone number you know to be genuine. You can do a quick check of the company’s correct Web address by opening a new Internet browser window and conducting a search for the correct Web address. Never cut and paste the link in the message as that could also make you vulnerable.
  • Never e-mail personal or financial information. E-mail is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a Web site that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Some scams involve installing viruses or other malicious software on your computer without your knowledge; this software then spies on your passwords and other personal information. Help keep your computer secure by following the 3-step checklist provided by CNS Information Security, which includes anti-virus software provided free of charge by CNS to all York faculty, staff and students, including for home use. Also included are instructions on keeping your system updated with the latest security fixes. If in doubt about anti-virus software or security updates to your work computer, check with your local technical support group.

A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. For home use, a firewall device is inexpensive, simple to set up and recommended for those connected to the Internet at home via a high-speed connection such as cable or DSL, which do not have the protection provided by the University network. Firewall software is also available, and is built into recent versions of operating systems such as Windows XP, Mac OS X, and Linux.

Finally, be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them.

Report suspicious activity to CNS. If you get spam that is phishing for information and appears to involve or target York, forward it to askit@yorku.ca. If you believe you’ve been scammed, contact your financial institutions, Equifax, your ISP and York’s CNS department and alert them to the problem.