TechKathy.com

Technology Advice in Plain English

Learn to Spot Phishing Messages

January 6

Most of us have spam filters to help shield us from the junk that spammers send us via email, and I really hope that by now everyone knows that those Nigerians needing help “freeing” their funds are really just looking for naïve people to scam. But how well do you think you can spot “phishing” messages?


“Phishing” is an illegal method of tricking someone into providing very personal and sensitive information (like usernames, passwords, credit card numbers, etc.) to people who are not who they say they are. Phishing typically happens through email or instant messages, and these messages may have real business names, real logos and/or legal-sounding language requesting immediate action. The messages often include forms to fill out and return by email or links to fake websites with online forms to fill out.


What makes this phenomenon something to worry about is the ever-increasing sophistication of phishers’ methods. The messages they send look more and more legitimate, which is how phishers deceive people and then hijack their email accounts, drain their bank accounts or do some other harmful and fraudulent act.


Some internet browsers (including Internet Explorer 7 and Firefox 3) include anti-phishing filters, which display a warning if a site you try to visit is suspected of phishing, and some anti-virus and spyware applications also include anti-phishing filters. These filters, however, do not catch everything, so it’s important that you learn some basic strategies to keep yourself safe.


Here are a few warning signs that you can look for when reading messages from people you don’t know personally and from companies. First, look closely at any logos in the message, the “from” address and any website addresses the message asks you to visit. If they look odd or the email or website address is suspiciously long, the message is likely a fake. Second, read the message carefully for odd typos and grammar mistakes. Company CEOs and bank managers don’t send out messages without proofreading them first. Third (and most importantly), don’t trust messages that ask you to provide your username, password or account number in a message.


If you’re still not sure whether the message is legitimate, call the person or company using their phone number from your statements or the telephone book and ask them about the message. Or do a little checking online. Snopes.com is dedicated to debunking urban legends and exposing misinformation, and it has a good article about phishing and many examples of past phishing attempts. In addition to reading that, you can also check out Snopes.com the next time you get a suspicious-looking email – it’s updated daily with the latest exposed schemes. Simply go to the website and do a search for the company that appears to have sent the message.


Another great resource I found while researching online for this post is a quiz by SonicWall called the Phishing and Spam IQ Quiz. SonicWall’s quiz presents you with 10 email messages, and you examine each one and state whether you think the message is legitimate or phishing. I scored a 9 out of 10 – I was a little too wary, and I thought a legitimate message was a scam. The best part of the quiz is the detailed results at the end. SonicWall shows you each individual message and shows you why it was legitimate or not. You can take the quiz here:

www.sonicwall.com/phishing/index.html

Good luck!


Copyright © 2009, Kathy Keating and TechKathy.com. All rights reserved.
