So, what exactly is phishing?
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information. This is usually done by including a link that supposedly takes you to the company’s website where you are asked to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.
The term ‘phishing’ is a pun on the word fishing because criminals are dangling a fake ‘lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ‘bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, user names, and more.
Here are some clues that usually indicate an email is a scam:
- The email is not addressed to you. “Dear Customer” isn’t an identifier
- You don’t have an account with the company, or haven’t used the company’s service
- Grammatical errors. Usually, you’ll notice weird capitalizations and terrible grammar.
- They push you with urgent messages to open attachments or click on links.
- If you hover over links with your mouse, you’ll see the URL destination on the bottom of your browser. You can clearly see that all links send you away from the company site—or they try to fool you by adding the company name somewhere in the URL.
So how can you guarantee you don’t fall for a phishing scam? Apply these two actions consistently and you will be nearly 100% protected from online scams:
- Drive, don’t be pulled. Stay in the driver’s seat by finding the website yourself. This is the ONLY way to guarantee you land on the legitimate site. If you use the link (or phone number) in an email, IM, ad on a website/blog site/forum/social network/text message, etc., where you land (or who you talk to) is their choice, not yours. The website they take you to (or the ‘bank manager’ on the phone) may be a very convincing copy, but if you enter your information it will be stolen and abused. Instead, use your own link. If you use the company, you may already have a bookmark for the website you can use, if not, use a search engine and type in the company’s name, then use the link from your search engine to go to the correct site. If the email is legitimate, you will see the same information when you log into your account on the legitimate site.
- Install or activate a web tool that identifies malicious sites for you so you know the website you find is legitimate. There are several tools that will do this for you. Every standard browser now has a tool you can turn on to alert you if a website you are about to click on, or just clicked on, is safe or malicious.
EDIT: And see the second picture when I hover over the link!
"This is an automated reply from the Microsoft Forefront Online Security, Spam Analysis Department. No additional correspondence will be sent to you.
We appreciate your spam submission. You will receive this auto-reply message only once per day if you submit multiple emails for evaluation in a 24 hour period. Additional information is as follows:
* Spam submissions are processed seven days per week with new spam rules pushed out continuously. Time frames for rules on individual submissions vary depending on the quantity and quality of submissions.
* As new spam rules are set globally for all customers, please be aware that not all individual spam submissions result in a new spam rule.
* It is critical that when reporting spam that full Internet headers are included. This may be done by sending the offending message as an attachment along with the full original Internet headers; OR by using the Junk-Email Plug-In (as made available for some Outlook 2003+ users depending upon your organization).
*In order for automated spam processing to take place, spam submissions should be sent in individually. Please do not forward multiple spam mails in one individual message.
Thank you for assisting us in controlling unwanted email!
Microsoft Forefront Online Security"
I do this as a matter of course. The FCC will acknowledge the complaint, assign a complaint number, and take action. It generally takes a few weeks for the FCC to acknowledge your complaint. I believe that if enough complaints are received by the FCC about to a particular sender, it will take appropriate action.
A similar approach applies if you receive robotic phone calls on your cell or landline. If you receive a suspicious call, make note of the number from your caller ID and then Google the number. If there is a history of abuse from a particular caller, copy the thread and file a complaint with the FCC, citing the thread and pasting it into the complaint form. This will alert the FCC that the caller is a repeat offender and increase the likelihood of action by the agency.
Sounds like a PITA, I know, but these emails and calls only proliferate. Once your email address/phone number gets on a list, you're going to have repeated problems.
That is very useful information and I will be submitting one for an old school email account that has had this problem for months!
It was good to check in with Webroot since you were concerned, but the indication from what I'm reading is that the page failed to load, and you were neither presented with a form in which to enter a password, nor prompted to run an executable. Probably the phishing site in question was already shut down by the time you clicked the link. In any case, WSA itself protects you against either kind of threat, phishing or trojan, and since it didn't pop up and say it found something bad, the indication is that there was nothing bad there to protect you from. Plus, support took a look for you as well. I think you can rest assured that you don't need to worry about it. That's what you've got Webroot for 😉
No you should be fine only if the page opened and you put in your personal information and details that's how one is affected by Phishing emails and the Fake Websites because of them! Here is some great info: http://en.wikipedia.org/wiki/Phishing
(The psychology of phishing)
"Comment" Interesting read on one of the biggest security issues today, Phishing emails are more sophisticated and complex....what makes us vulnerable humans are conditioned to click on links
by Mark Sparshott - EMEA Director at Proofpoint - Wednesday, 23 July 2014.
Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.
While these emails can take more time and effort on the hackers’ side, there is no doubting the fact that provide a much bigger return on investment.
Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell-apart spam annoyances from useful email, however they still find it difficult identifying phishing emails, particularly when they are tailored to suit each recipient individually.
Help Net Security/ Full Read Here/ http://www.net-security.org/article.php?id=2078