Section 21.5. Phishing Lures

21.5. Phishing Lures

Phishing is the 21st-century version of a tired old con. You get an email message from eBay (or PayPal, or your credit card company, ISP, or bank) urging you to update or correct your account information. There's even a link considerately offering to take you to the form you need to fill out. Should you do it? Well, would you let a stranger into your house just because he's carrying a clipboard and says the gas company needs to check your furnace ?

In a word, no. Don't even think about it. Don't click any links in the email body. Don't reply to the message or attempt to contact the sender. Even if the email address or URL looks like it's from a legitimate companyPayPal, Visa Card Services, or whateverit never is. These links redirect you to a different Web site, a phony one, set up by the perpetrators to rob you of your passwords, credit card numbers , and even your identity. The perpetrator is just fishing for your personal information (get it?). Unfortunately, these scams go on year after year because people keep falling for them.

As phishing has gotten more sophisticated, software to combat it has also stepped up. Some Internet security suites (like Trend Micro) now include phishing protection. Newer email programs like Mozilla Thunderbird even alert you to suspicious messages (Figure 21-3). The latest browsers, including Internet Explorer 7, also let you know, with all the subtlety of a sledgehammer, when you've visited a Web site that's not what it pretends to be.

Figure 21-3. Phishing lures are cast far and wide around the Internet. Fortunately, newer email programs like Thunderbird are equipped to help you spot scams. Look at the warning bar across the top of this phishy email message. For more tips on managing email, see Chapter 14.

There's a simple way to avoid phishing altogether: Never, ever give a Web site personal information like Social Security numbers, account numbers, or passwords unless you initiated the communication. Ignore any email that asks you to supply personal or financial information. If a legitimate company needs to contact you, it will send you a letter or wait until the next time you log into your account.