Online Safety: Don't Swim with the 'Phishes'

Hi, folks. Continuing this week's focus regarding online safety, another safety concern of mine is phishing. Phishing is the term used to describe fraudulent or scam-related e-mail. It's very important, considering that it isn't going away anytime soon and can be used in conjunction with other mischievous deeds.

I had a chance to look over the Anti-Phishing Working Group's analysis of phishing trends. Surprisingly, phishing is still showing an upward trend [pdf]. That report has some pretty charts and information regarding the trends with phishing, malicious software and other computer security-related topics.

Considering the evolution of social networks like AIM Pages, fraudsters evolve their methods to deceive and collect information from unsuspecting users. From my review, their tactics appear innocent, such as attracting users to click a link to view pictures from an account.

The key to not falling prey to these scams is to look for signals that alert you to stay away from them. I strongly believe that if we apply the same techniques to deter phishing in e-mail, we (as users) can deter them from poisoning social networks.

I'll be honest -- I have only seen very few scams make their way past my AOL Spam Filter. Here are what characteristics I look for in an e-mail that may appear "phishy":

Do I have a relationship with this entity? If an e-mail claims I have an account with them and I need to reset it, I don't even bother. I just toss it to the spam folder.
Who is it really from? I can say after many years, I've learned to read e-mail headers as if they were in plain English, but you don't have to go through all of that. Some fraudsters are able to mask who they are by modifying the From field. If you want, you can learn how to read e-mail headers to determine if an e-mail really originated from its supposed source. Whether you can understand mail headers or not -- take the From address with a grain of salt.
What do they want me to do? If they want me to update my information, make a payment, or anything pertaining to my account -- I do it myself. For example, if my bank e-mailed me stating I need to update my information, I would manually type in their Web address and navigate to my account that way. This reaction prevents me from accidentally going to a phisher's page and potentially getting a virus.
How do they know me? If their e-mail starts out with "Dear Customer ..." or doesn't address my name in the salutation, odds are I don't have business with them. E-mails from providers will vary, some using your name, account ID, or simply confirming the last digits of your account number.

I use my best judgment to determine if I click a link (or a picture) in e-mail. If it's a trustworthy source that I know I've solicited contact with, then more likely than not, I will click the links or pictures contained. With e-mail you can never be too careful, so if you suspect an e-mail is false, then go ahead and access the company's Web site or contact them directly via telephone. Be careful, though, some online thieves are going as far as setting up fake telephone numbers within the e-mail, so it is even more important to verify who contacts you.

Trust, but verify. This rule that I live by means that I trust the e-mails that are sent to me, but I verify the need for me to do something. I verify the need by accessing the website directly to confirm that.

Stay tuned tomorrow as I explain the differences between the types of e-mail you might receive from AOL. What are your thoughts on phishing and e-mail safety? Leave your comments below, and I'll answer any questions you may have.

Tags: Safety, E-Mail, Phishing, Scams, Fraud, Spam, Tips

Subscribe & Syndicate -- Learn all about RSS and Syndication

Stay informed of community tool updates and learn the latest tips/tricks for blogs, Message Boards, IM, AIM Pages, UnCut Video plus more.Clicka button below to add the blog to yourRSS feed reader or set up an Alert.