***Disclaimer***

Disclaimer: The Wizard of 'OZ' makes no money from 'OZ' - The 'Other' Side of the Rainbow. 'OZ' is 100 % paid ad-free

Wednesday, September 27, 2006

Ask The Wizard (PHISHING)


Dear Wizard of 'OZ',

I was wondering if you can tell me more about 'Phishing'? I have heard a lot about it but am confused about what it means.

Signed, Not wanting to take the bait.

Dear Bait,

"Phishing" is the name given to the kind of identity theft that attempts to persuade its victims to fill out an online form or respond to an email with details of their bank accounts, credit card numbers, passwords and other personal information. People can be fooled into doing this when they believe that they are reconfirming information needed by a reputable institution with which they are doing business.

Banks will never send you unsolicited emails asking for confidential information, such as your password, PIN, credit card and account numbers. They will never ask you to validate or restore your account access through email.

There are fraudulent emails that appear to have been sent by Canadian banks including Scotiabank and others. Please do not respond to emails asking you to verify confidential information by clicking on a link in the email. The link leads to a modified webpage that looks like a Scotiabank or other banking webpage and asks customers to validate personal information such as their bank card number, password and PIN. Report any suspicious requests to your local bank (BY PHONE) or call your local police.

Do not respond to emails or web sites requesting personal information. 

Here are a few other practices that will assist you in avoiding these scams: 

Recognition - Be suspicious of any email with urgent requests for personal financial information. An unexpected web site, web page or email appearing to be from a legitimate company (such as Scotiabank) may try to entice you to provide your personal information by claiming to verify security information or account details, possibly to avoid interruption of a service. Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately (i.e. threatening to discontinue access, or close an account). They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, social insurance numbers, etc. Phisher emails are typically NOT personalized, while valid messages generally are. In addition, many phisher emails contain spelling and grammatical mistakes. To ensure that you are on a legitimate web page, examine the name after "https://" or "http://" and make sure that it is a recognized domain name. For example, the Scotia OnLine Sign-on page always starts with: "www.scotiaonline.scotiabank.com/". Exact spelling is important - even the slightest deviation from this would indicate a suspicious site. For example: To access Scotia OnLine, always type out the address "www.scotiaonline.scotiabank.com".

Actions - Don't use the links in an email to get to any web page, if you suspect the message might not be authentic. If you do have a relationship with the company mentioned in the email, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser. Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website. 
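The exact-spelling check described under Recognition, written out as an added example that is not part of the original post or of any bank's own code. The function name `checkLink` is hypothetical, every sample link is constructed, and rejecting plain "http://" addresses is an assumption based on the advice above to use only a secure website.

```javascript
// Added example, not from the original post. EXPECTED_HOST is the sign-on
// host quoted in the post; every sample link below is constructed.
const EXPECTED_HOST = "www.scotiaonline.scotiabank.com";

// Decide whether a link really points at the expected sign-on host.
function checkLink(link, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { ok: false, host: null, reason: "not a complete web address" };
  }
  const host = url.hostname; // lowercased; non-ASCII letters become "xn--" labels
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not a secure (https) address" };
  }
  if (url.username || url.password) {
    // Text before "@" is a login name, not the site; the real host follows it.
    return { ok: false, host, reason: "real host is hidden after an @ sign" };
  }
  if (host === expectedHost) {
    return { ok: true, host, reason: "exact match" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, host, reason: "look-alike letters from another alphabet" };
  }
  if (host.includes(expectedHost)) {
    // The expected name appears, but the site is whatever the host ENDS with.
    return { ok: false, host, reason: "expected name is only part of a longer host name" };
  }
  return { ok: false, host, reason: "spelling differs from the expected host" };
}

// Constructed sample links (example.net and 192.0.2.10 are reserved for documentation).
const SAMPLES = [
  "https://www.scotiaonline.scotiabank.com/online/",
  "https://WWW.ScotiaOnline.Scotiabank.com/",
  "http://www.scotiaonline.scotiabank.com/",
  "https://www.scotiaonline.scotiabank.com@192.0.2.10/",
  "https://www.scotiaonline.scotiabank.com.example.net/",
  "https://www.scotiaonline.scotiabnak.com/",
  "https://www.scotiaonline.scotiab\u0430nk.com/", // Cyrillic "a"
];

for (const link of SAMPLES) {
  const r = checkLink(link);
  console.log(r.ok ? "OK     " : "REJECT ", link, "->", r.host, `(${r.reason})`);
}
```

Only the first two samples pass; the rest show why the comparison has to be against the whole host name rather than a search for the bank's name somewhere in the address.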

Please follow Safe Computing Practices to help protect your information.

It is important that you take steps to protect your information on your personal computer. Online Banking services follow strict Internet security standards. While they take strong measures to ensure the security of your financial transactions and the confidentiality of your information, it is extremely important that you also take precautions to ensure that your information remains safe and secure. We advise customers to read about these topics and follow the recommended safe computing practices: 

1. Protect Your Privacy 

Use caution before answering online and email requests for your personal information. Banks will never present you with unexpected webpages or send you unsolicited emails asking for your confidential information, such as your password, PIN, Access Code, credit card, account number, etc. We will never ask you to validate or restore your account access through unsolicited email. Protect your OnLine Password. Your OnLine password is confidential and must never be shared with any outside person or company. Pick a password that is difficult to guess by using a combination of letters and numbers (nothing obvious). 

Never send confidential information (such as account numbers of any type, bankcard, password, Access Code, etc.) via email. Avoid using software that records your passwords so that you don't need to enter them the next time you access a website from the same computer. This type of software could give other users of your computer access to your accounts. Avoid accidentally agreeing to have your Internet activity monitored by other parties by carefully reading the terms of any software you download and free services you accept online before you download them. Do not leave your computer unattended while logged on to your bank. Always log off when you're finished your online banking session. 

Clear your browser's cache after each OnLine session. Each time you access the Internet, your browser automatically saves a copy of the web pages you've visited. Diligently clearing your browser's cache after each session is an important step in safeguarding your account information. Keep your bankcard in sight at all times during transactions and never lend your card to anyone. Review your account statements and/or online account transaction details promptly and report any discrepancies immediately. With most online banks, you can review your up-to-date account transactions and therefore identify any discrepancies immediately.

2. Use Anti-Virus Software
Whenever you use your personal computer and the Internet, there is a potential risk of contracting a computer virus or the possibility of infiltration by intrusion software commonly known as "Trojan Horses". Computer viruses can modify programs, delete files and erase the contents of hard drives. "Trojan Horses" can have similar effects and may be able to capture keystrokes, including passwords or other secret information. Spyware and other deceptive software can also conduct certain activities on your computer without your knowledge or consent. 

The potential consequences of any of these threats could include damage to your personal computer, compromise of your secret information and the inability to use online banking. For these reasons, you are advised to follow these practices: Install and frequently update a proven anti-virus product, such as McAfee VirusScan or Norton AntiVirus. Most popular anti-virus products include some spyware scanning capabilities. Only accept or download software from a source that you believe to be trusted. Never accept files or attachments when accessing websites, newsgroups and chat rooms unless you are very sure of their authenticity.

Warning about 'free' services and software offering faster web surfing and email virus scanning: You are strongly advised to carefully read the terms of any free services you accept or software you download online before you accept them. They are known to sometimes include your consent to having all of your Internet browsing activity, including secure transactions, monitored. In consenting to such terms, you may allow the service provider to collect highly personal information such as your bank account and credit card numbers and passwords. Your OnLine password is confidential and must never be shared with any outside person or company. In divulging your password, you may contravene the terms of your Bank Cardholder Agreement and you may be fully liable for any unauthorized access to your accounts and all associated losses arising from these disclosures.

Ensure you are using a legally licensed operating system. 

3. Protect Your Internet Connection
There are additional vulnerabilities associated with having a computer directly connected to the Internet for an extended period of time. This applies to all users but it is extremely important for users with cable modem or digital subscriber line (DSL) Internet access. These methods of connection do not require 'dialing' into the Internet and thus are sometimes described as 'always on' connections. Unfortunately, as long as the computer remains 'on' and connected to the Internet, malicious parties have a continuous window of opportunity for attacks on the user's personal computer. If you use a cable modem or DSL connection for Internet access, you can limit this security risk by disconnecting from the Internet when your session is complete, or by turning off the cable or DSL modem. However, if you want to continue to take advantage of the 'always on' feature of cable and DSL connections or if you run extended dial-up sessions on the Internet, we recommend the following security measures be taken:

Disable File Sharing on Your Personal Computer - File sharing is a feature of Windows that allows other computers to access your personal computer, even from across the Internet. Microsoft has provided instructions on how to disable file sharing in Windows Help (Click Start, Help, then choose the 'Index' tab and type "file sharing, disabling"). The recommendation is to disable file sharing. However, if you choose to retain this option for your particular environment, exercise due care and apply appropriate security measures.

Install a Personal Firewall - Install and frequently update a proven personal firewall product, such as Personal Firewall Plus, Zone Alarm or Black Ice, that can be configured to prevent unauthorized access to your personal computer and keep it up-to-date.

Get Computer Security Updates - Ensure that you are using a legally licensed operating system. You may be able to improve the security of your system by getting updates to help correct issues that may make your computer vulnerable to virus or worm attacks. As such, you should diligently apply security patches as they become available.

Find out more: Windows users: Microsoft Security 

Macintosh users: Apple Product Security 

If you have a wireless network, there are additional measures that should be taken to protect your Internet connection:

Use encryption - Enable the highest level of encryption available for your router; newer wireless routers typically use Wi-Fi Protected Access (WPA), and older versions use Wired Equivalent Privacy (WEP). This will encrypt all data transferred between your personal computer and wireless router. In addition, devices without your encryption key cannot connect to your wireless router.

Change your default password - All wireless routers are given a default administrator password by their manufacturers, so make sure to change this password to prevent unauthorized access to your wireless router.

Change SSID (Service Set Identifier) - The SSID is the name of your wireless network. In order for a computer to connect to your wireless network, the SSID must be known. You should change the manufacturer's default SSID name to a unique name that will not be easily guessed, and has no direct connection to you or where you are located (e.g. don't use your last name or street address).

Switch off SSID broadcasting - You can further secure your network by disabling SSID broadcasting, which will hide your network from outsiders. It would be very difficult for an outsider to access your network once you have changed your SSID and turned off broadcasting, as they would have to start guessing the name of your network to access it.

Hope this helps. Remember...
Yrs, The Wizard

*With articles from Scotiabank
