Spring is tax season in the United States, but that also means it’s the heart of the phishing season for Internet crooks.
According to the Merriam-Webster online dictionary, phishing is "a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly" 1.
Linda McGlasson at Government Information Security Blogs recently provided an excellent list of things to avoid in your e-mail inbox so you don’t get hooked by phishers’ subtle tricks 2:
Be a smart cybercitizen. If it looks fake, delete the message without opening it. If an e-mail seems legitimate and appears to come from a trusted source (such as the government), call the source directly rather than simply giving them certain information over the Web.
Look closely at the URL (web address) of any site you think you should click on. If any strange or extra numbers are added BEFORE the dot com, it is not a legitimate site. For example, www.mybank.xyz.com is not a link to MyBank—it’s a link to XYZ.com, and that could be a mock-up of a website that looks exactly like MyBank’s site. The name directly before the .com (here, xyz) is the one that identifies who runs the site; everything to the left of it is chosen by that site’s owner.
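The URL check described above, written out as an added Python example (it is not part of the original post or of McGlasson's list): it reads the registered domain out of a link and compares it with the domain you expected to visit. The function names and the small suffix set are assumptions made for illustration; mybank and xyz are the post's own placeholder names.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny sample of two-label public suffixes.
# Assumption: real code would consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "gov.uk"}


def host_of(link):
    """Lower-cased host name of a link; accepts bare 'www.example.com' too."""
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").rstrip(".")


def registrable_domain(link):
    """Name that was actually registered (e.g. 'xyz.com'), or None."""
    host = host_of(link)
    try:
        ipaddress.ip_address(host)
        return None                      # raw IP address: no domain to read
    except ValueError:
        pass
    labels = host.split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len or not all(labels):
        return None
    return ".".join(labels[-(suffix_len + 1):])


def classify(link, expected_domain):
    """'match', 'lookalike' (brand only left of the real domain), 'other',
    or 'unknown' when no registered domain can be read from the link."""
    expected = expected_domain.lower()
    brand = expected.split(".")[0]
    registered = registrable_domain(link)
    if registered is None:
        return "unknown"
    if registered == expected:
        return "match"
    if brand in host_of(link).split("."):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for link in ("www.mybank.xyz.com", "https://www.mybank.com/login"):
        print(link, "->", registrable_domain(link), classify(link, "mybank.com"))
```

A "lookalike" result means the expected name appears in the address but the site is registered to someone else, which is exactly the www.mybank.xyz.com case.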
See the short security video here for more examples and information 3.
1 "Phishing." Merriam-Webster Dictionary. Retrieved from http://www.merriam-webster.com/dictionary/phishing
2 McGlasson, Linda. "It’s Phishing Season; Beware These Scams" (18 February, 2010). Government Information Security News. Retrieved from http://blogs.govinfosecurity.com/posts.php?postID=451&rf=021810eg.
3 Retrieved from http://www.youtube.com/watch?v=Cyz90LRl2eQ&feature=player_embedded