A single phishing campaign can send millions of emails to consumers in an attempt to part them from their money. Hundreds of phishing websites are established online every day, designed to lure consumers to give up personal information. And it appears that there is no slow-down among the hardworking cybercrooks because the number of phishing attacks targeted at consumers remain high, reports The Anti-Phishing Working Group, an organization that tracks and reports phishing occurrences.
Social engineering and technical trickery are the cornerstones of phishing whose goal is to steal consumers’ personal identity data and financial account credentials. Spoofed emails that appear to be from legitimate businesses, lead consumers to fake websites, which can look the same as the real thing, tricking them into divulging data such as usernames and passwords. Cybercrooks can also use technical tricks to install specially designed malware onto PCs in order to capture online account user names and passwords and misdirect consumers to counterfeit websites.
Among industries, financial services are targeted by phishers more than any other. Cybercrooks have a new variation that cons financial advisers into wiring cash out of their clients' online investment accounts. USA Today reports that, “Cybercriminals have discovered that investors now routinely rely on email to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.”
How can you protect yourself against phishing?
The avast! Mail Shield scans all incoming and outgoing email and attachments for malware. For the highest level of home protection, avast! Internet Security has a comprehensive spam and phishing filter, which analyses all incoming email based on various criteria to determine whether it is legitimate.
Steps you can take:
Have good habits - do not respond to the links in an unsolicited email or on Facebook
Protect your passwords and don't reveal them to anyone
Do not give sensitive information to anyone—on the phone, in person or through email
Look at the website's URL (web address.) In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
Keep your browser up-to-date and apply security patches
Do not open attachments from unsolicited email
If you believe you have compromised sensitive information about your accounts, contact your financial institution, credit card company, or appropriate authorities.