What is Phishing and How Can I Protect Myself from It?

Contributed by MickeyMouse July 18, 2006  
Tagged: Internet

Phishing is frequently discussed as one of the most dangerous methods that people can use to steal your personal information. This tutorial briefly describes what phishing is and describes how to protect yourself from it.

Since davak initially described phishing attacks, more ways to protect users have been developed. Therefore, I decided we need another tech-recipe describing these updates.

What is Phishing?

Phishing is when someone uses a fake web site to obtain users’ personal information such as credit card numbers. E-Bay, paypal, and banking account sites are frequently used in this manner.

The scammer typically just creates an exact copy of the web site and then sends spam to users asking them to update their personal information. The user is actually directed to the fake web site. Entering the information here is placing it directly in the thief’s possession!

How do I Protect Myself?

Honestly, most phishing can be stopped by common sense. Never visit a web site by clicking within your email and then entering personal information into that web site. Sites typically will not email you requesting you to re-enter personal information. If you do get an email requesting that you re-enter personal information, call the company and verify their request first.

Several software packages also exist that will help protect you. The next generation of browsers, IE7 and Firefox 2, come with built-in phishing protection but are currently only in beta-testing.

Two toolbars work extremely well — spoofstick and netcraft’s anti-phishing toolbar are both well respected in the security community. Google’s toolbar for Firefox also contains excellent phishing protection.

Obviously, none of these anti-phishing tools will take the place of common security sense. Be careful when posting your personal information online.