No, you did not really win the European lottery.
No, you have not been chosen to be an import/export representative for an Asian ceramics company.
No, you should not click on that link to verify your eBay, PayPal or bank account information.
And chances are pretty good that somebody you have never heard of did not leave you seven million dollars in his will.
These are all examples of fraudulent e-mail known as phishing, and it’s becoming increasingly sophisticated and cunning. “Phishers” attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing”: the idea is that bait is thrown out in the hope that, while most will ignore it, some will be tempted into biting. One of the most important things to consider about phishing is that its success depends mainly on the people who actually receive the email. Clearly, the human factor is the only vulnerability that is virtually unpatchable, and no security product, service or update can protect people from their own choices. You can contribute significantly to your own security by following certain guidelines and performing simple, logical practices, such as these suggested by Trend Micro:
1. Practice prudence when receiving email messages that ask for account credentials. Remember, phishing emails are designed to upset, confuse, or excite recipients, to entice them to react immediately.
2. Ensure that any Web site visited is secure when submitting sensitive information such as credit card numbers. One indication that a Web address is secure is if it starts with https:// rather than http://. Another indication is a padlock icon at the bottom of the screen, which when clicked, displays a security certificate.
3. Do not click any link inside an email that is suspected to be spoofed. Instead, go to the legitimate company’s site by typing the company’s URL into the address bar of the browser, then log on from there. One can also call the company directly. Previously targeted companies have disclosed contact information for phishing-related incidents.
4. Avoid opening any file attachments of suspected phishing email messages as they might execute a malware program that can steal personal information.
Most email systems employ several different methods to combat spam and phishing, and their filters are updated on a regular basis, but a few unwanted emails will inevitably get through. If it were easy to stop, it would be stopped already. If you do receive a phishing email, you can report it to the organizations listed below, or add it to your junk senders list. Then delete it! NEVER REPLY TO IT!!!
Report suspected phishing attacks to any of the following Web sites and email addresses:
Internet Crime Complaint Center
(a joint project of the FBI and the National White Collar Crime Center):
As always, if you need more information, contact me.
Don’t get taken hook, line and sinker!