Don’t take the bait! Just when you think you know the drill and can spot a phishing scam for what it is, the phishers come up with something new. Phishing scams have been prevalent for several years now, and the scamsters are still coming up with new twists on how to get your personal, private information.
According to nophishing.org, “Phishing” is when criminals use email, phone and online scams to purposefully and maliciously trick people into sharing information such as passwords, social security numbers, account and credit card details, and even your mother’s maiden name. The best line of defense is to keep this fact in mind:
“No legitimate business or government agency will ever ask for personal information via email or phone unless you initiate the contact. If you receive such a request, DON’T RESPOND.”
Statistics from nophishing.org:
- According to a Federal Trade Commission report, Information Theft is the fastest growing crime in the US. On average, it occurs once every 79 seconds.
- The average consumer loss from a phishing attack is $1,200.
- According to a Symantec presentation, 1 out of every 125 emails sent is a phishing attack.
- The Anti-Phishing Working Group reports that 5.7 billion phishing emails are sent each month. Each month there are reports of over 150,000 unique phishing attacks and 3,000 new phishing websites.
Needless to say, phishing is a major problem. The answer is to stay diligent in protecting your personal information. Here are some great tips on how to protect yourself from phishing scams.
Browsers Know Best
Keep your web browser up to date. The most recent versions of Internet Explorer and Firefox use state-of-the-art technology that will alert you to possible phishing scams. Most browsers will display secure certificate information in the address bar of the browser, so you can double check to make sure you are on the right website. See the example below of the SIS Online Banking System in Firefox. When you log in, the browser displays Sanford Institution for Savings in the address bar:
You can also click on it to view the certificate information published by VeriSign, a trusted certificate provider.
If it looks too good to be true, it probably is!
You’ve heard this advice before, and it holds true when it comes to phishing scams. Many times phishers will use a free gift card as a ploy, or some other promise of savings, to lure you in. While free gifts are often a legitimate marketing technique, most free gifts do not require personal, private information. If you ever doubt a free gift offer, check a known source. For example, call the business offering the free gift directly at the number you know to be correct. Do not use the number provided in the email; it may be fake.
You can also go to the website of the business. But again, make sure you go to the website you know or have bookmarked. Do not use a link provided in an email; it may be fake.
Remember Your Domain
Every business, including SIS, has several website domains it may use to provide services online. It’s important to note these domain names. If you are ever pointed to a domain that does not match one you’re familiar with, chances are it is fake as well. Here’s a list of the domains SIS uses to provide services online:
- Banksis.com (Our primary domain)
- Banksis.net (Redirects to Home Page)
- Blog.banksis.net (Our blog)
- Banksis.mobi (Our mobile site)
- Banksisonline.com (Our Online Banking Domain)
- Banksisonline.net (Our Home Page and Online Banking Login)
- Banksisstatus.com (Our system Status Blog)
- web.fiscorp.com (our eStatement provider)
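The domain check described above can also be automated, for example in a mail filter or a help-desk triage script. The following is an added example, not SIS's own code. It compares the host of a link against the list above by exact match, so a link that merely contains a familiar name is rejected. The function name `check_link`, the https requirement, the treatment of a leading `www.` as the same site, and the sample links are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Hosts copied from the list above, lowercased.
SIS_HOSTS = {
    "banksis.com", "banksis.net", "blog.banksis.net", "banksis.mobi",
    "banksisonline.com", "banksisonline.net", "banksisstatus.com",
    "web.fiscorp.com",
}

def check_link(url):
    """Return (ok, reason) for a link found in an email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":            # assumption: only https links are accepted
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # Text before "@" is login data, not the site; the real host follows it.
        return False, "userinfo before the host"
    if not host.isascii():
        return False, "non-ASCII host"     # look-alike letters from other alphabets
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode host"      # encoded form of a non-ASCII name
    if host.startswith("www."):            # assumption: www.<host> is the same site
        host = host[4:]
    # Exact match only: a name that merely starts with or contains a listed
    # domain is a different host.
    if host in SIS_HOSTS:
        return True, "host is on the list"
    return False, "host not on the list"

if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    samples = [
        "https://banksisonline.com/login",
        "https://www.banksis.com/",
        "https://banksis.com.account-verify.example/login",
        "https://banksis.com@login.example/",
        "http://banksis.com/",
    ]
    for link in samples:
        ok, reason = check_link(link)
        print(("OK    " if ok else "REJECT"), link, "->", reason)
```

A link that passes this check still points only to a familiar host name; the certificate check described under "Browsers Know Best" remains the confirmation that you reached the real site.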
Simple Helpful Techniques
Nophishing.org also provides some simple techniques that you can use to avoid being a victim.
- Never provide confidential information unless you started the conversation.
- Never answer an email, pop-up, phone call, letter, etc., that asks for personal information. Legitimate companies DO NOT ask for this information, ever!
- Keep your guard up at all times! Because something is written down in an email or in a pop-up does not mean that it is true and legitimate.
- Avoid clicking on a link provided in an email or a pop-up window. Instead, go to the website yourself and navigate to the area of interest.
- Use up-to-date anti-malware solutions to stop the installation of crimeware on your computer that could harvest your information. I use a program called SpyBot Search and Destroy. But there are many great anti-malware solutions out there for you to choose from. Click here for more information on Malware.
- Do not use public computers or wireless networks to conduct confidential activities. This includes wi-fi hot spots, kiosk computers, and cyber cafés.
I highly recommend that you visit nophishing.org and review their suggested tips to safeguard yourself from phishing scams. You can help SIS combat phishing! If you believe you have a phishing email that looks like it is from SIS, you can send that email to ebanking@banksis.com.
Next week’s Security Tip, Browser Security!


