Here are some general guidelines that you should follow to avoid being victimised by phishers.
1. Do not respond to any email with requests for personal information.
These emails will usually ask the recipient to divulge sensitive information such as passwords and usernames. Another commonality among phishy emails is that they will try to create a sense of urgency in the reader by saying things like “Your account information will be lost if you do not register again immediately.” Such a statement would not appear in a genuine email, as legitimate companies give weeks or months of advance warning if account information is at risk, which is itself a highly unlikely event.
If you are unsure about the authenticity of the message, please contact the company or organization directly by telephone.
2. Never use a link given in the email to visit the website.
Visit the given website address by directly typing the address into your browser’s address bar. Alternatively, the URL can be copied and pasted into the address bar.
3. Install a Web browser toolbar to help protect you from known phishing websites.
You can download the EarthLink ScamBlocker free of charge from: http://www.earthlink.net/earthlinktoolbar/download/
This toolbar will alert you before you visit a page that's on EarthLink's list of known fraudulent phishing Web sites.
4. When you are submitting your personal information through a website, ensure that the website is secure.
Do the following before you enter any personal information:
- Check that the address of a Web server begins with "https://" rather than just "http://". This signifies that the Web server uses a secure (encrypted) connection.
- Ensure that the Web site uses encryption to transmit your personal information. If you are using Internet Explorer, you can do this by checking for the yellow lock icon on the status bar.
- This symbol signifies that the Web site uses encryption to protect the sensitive information that you enter. Double-click the lock icon to view the security certificate for the site.
- Ensure that this certificate is issued to the site that you are currently on. If you are not sure whether the certificate is authentic, please do not enter any personal information and leave the site.
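What "issued to the site that you are currently on" means in practice, as an added example that is not part of the original article: the sketch below compares the address in the address bar with the names listed in a certificate. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames and certificate contents are constructed samples, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

def name_matches(pattern, host):
    """Compare one certificate DNS name with a hostname.

    A wildcard counts only as the whole left-most label and covers exactly
    one label: "*.secure.bank.example" matches "login.secure.bank.example"
    but not "secure.bank.example" or "a.login.secure.bank.example".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """DNS names the certificate is issued to."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Legacy fallback: use commonName only when no DNS names are listed.
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names

def issued_to_site(url, cert):
    """True only if the URL is https and its host is named in the certificate."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return any(name_matches(n, parts.hostname) for n in cert_names(cert))

# Constructed sample certificates (not taken from any real site).
BANK_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"),
                       ("DNS", "*.secure.bank.example")),
}
OLD_STYLE_CERT = {"subject": ((("commonName", "shop.example"),),)}

if __name__ == "__main__":
    for url in ("https://www.bank.example/login",
                "http://www.bank.example/login",
                "https://www.bank.example.account-check.test/"):
        print(url, "->", issued_to_site(url, BANK_CERT))
```

A match only shows that the certificate belongs to the address in the address bar; you still need to confirm that this address is the one you intended to visit.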
5. Regularly review your bank and credit statements to ensure that all transactions are legitimate.
If anything is suspicious, contact your bank or credit card issuer immediately. In doing so, you may at least be able to stop a phisher before he causes significant damage.
6. Ensure that your browser is up to date with the necessary security patches installed.
A phishing website can use vulnerabilities found in your browser to exploit you. You may not even have to consciously send your details to the perpetrators; they may be able to get them anyway.
7. Report "phishy" e-mails to the following groups:
- Forward the email to reportphishing@antiphishing.com
- Forward the email to the Federal Trade Commission at spam@uce.gov
- Forward the email to the "abuse" department of the company that is being spoofed.
- Inform the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/
When forwarding the phishy messages, please remember to include the entire original email. This action will help the authorities to trace and condemn the perpetrators.