Focus on Phishing
September 10, 2012
Phishing is an illegal attempt via phone, mail or internet to gain the personal information of a company or individual. Phishers impersonate a legitimate enterprise or real person in an attempt to gain usernames, passwords, account information and credit card numbers to use for illegitimate purposes.
Phishers are responsible for many high-profile data breaches yet their attacks are not limited to large organizations. “Spear-phishing” is an attack targeted at a specific individual or company.
Although the practice is widespread, there are several ways you can protect yourself:
- If you receive a suspicious telephone call from a known organization, verify its authenticity before providing any personal information by calling the company. Be sure to look up the company’s phone number using a legitimate source such as the company’s website or a phone book listing.
- Avoid clicking on links (especially unsolicited jokes) that come from an instant messenger application or e-mail. This could lead to the installation of a malicious “Trojan” program that infects your PC.
- Be wary of pop-up ads.
- Keep your browser up-to-date.
- Consider installing an anti-phishing toolbar.
- Before providing personal information online, ensure the website address begins with “https” and displays a closed lock icon near the address bar. These are indicators of a secure website.
- Watch out for copycat websites and e-mails that deliberately use a name or web address very similar to, but not the same as, the real one.
- Be suspicious of generic solicitations. If you receive a request addressed to: Dear Customer, Dear Friend, etc., it is wise to avoid replying.
- Ensure that your computer has updated anti-virus and firewall protection.
- Stop and think before connecting (i.e., clicking on a link or opening an attachment). Be especially wary if you are being asked to do something immediately as that can be a red flag for trouble. Think twice before providing personal information on the Internet.
- Set up a personalized “phishing phrase” for your online banking profile so that you know the website you’re on is secure.
First Western Trust will never contact you by any means to request your online banking password. If you receive a suspicious e-mail claiming to be from First Western Trust, please forward the message in its entirety to firstname.lastname@example.org.