Skip to main content

Tech Tips - What password phishing is ?

 

What password phishing is?

Phishing – is an attempt to steal your password and private account information. Phishers set up fake web sites that look like those of trusted companies like Yahoo!, Gmail, Hotmail Etc..  to trick you into disclosing your user name and password. These pages can look nearly identical to the real thing, so it can be hard to tell that you are on a phony site.

 

How do I report a phishing email or web site?

Quickly reporting a fraudulent email or web site helps us better protect you and your fellow members.

Report a phishing email

If you received an email that says it's from Yahoo! or another trusted source but you suspect it might be a phishing email, please report it to the respective domain administrators / security centers ASAP . For information about identifying potential phishing emails se the below documents.

How can I recognize a phishing email?

If you receive an email from a web site or company urging you to provide confidential information, such as a password or Social Security number, you might be the target of a phishing scam. The tips below can help you avoid being taken in by phishers.

Important: To be completely safe from phishers, do not click links in emails. If in doubt, close your browser, reopen it, and type the web address for the site you want to visit directly into the Address bar.

You should consider several factors when deciding whether or not an email is authentic. This example email has some telltale signs of a phisher at work:

Description: http://us.i1.yimg.com/us.yimg.com/i/us/str/gr/spoof-email.gif

1. Unofficial "From" address: Look out for a sender's email address that is similar to, but not the same as, a company's official email address. Fraudsters often sign up for free email accounts with company names in them (such as "ysmallbusiness@yahoo.com"). These email addresses are meant to fool you. For example any Official email from Yahoo! always comes from an "@yahoo-inc.com" email address.

Note: Fraudsters can forge the "From" address to look like a legitimate corporate address (like "@yahoo-inc.com"). Because of this, the "From" address is just one factor to consider when deciding if an email is trustworthy.

2. Urgent action required: Fraudsters often include urgent "calls to action" to try to get you to react immediately. Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." The fraudster is taking advantage of your concern to trick you into providing confidential information.

Note: Legitimate companies will never ask you to verify or provide confidential or financial information in an unsolicited email.

3. Generic greeting: Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear Customer" or "Dear Member."

Note: Sophisticated fraudsters can get your name from public records and target you directly, so even if an email includes your name, it may not be authentic. Whether an email addresses you generically or by name is just one factor to consider when deciding if an email is trustworthy.

4. Link to a fake web site: To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just because a site includes a company's logo or looks like the real page doesn't mean it is! Logos and the appearance of legitimate web sites are easy to copy. In the email, look out for:

·         Links containing an official company name, but in the wrong location. For example: "http://www.yahoo.com:login&mode=secure&ib35" is a fake address that doesn't go to a real Yahoo! web site. A real Yahoo! web address has a forward slash ("/") after "yahoo.com" — for example, "http://www.yahoo.com/" or "https://login.yahoo.com/."

·         Masked links that look like they go to the real web site, but don't. In the sample email, the link says "smallbusiness.yahoo.com," but if you place your mouse pointer over the link, you can see the real address (in the yellow box) — "http://218.246.224.203/yahoo/accountupdate." You usually can see a link's real destination by placing your mouse pointer over it.

Note: All Yahoo! sign-in pages are served over SSL (Secure Sockets Layer), a standard used to encrypt data transmissions. A genuine Yahoo! sign-in page always starts with "https," such as "https://login.yahoo.com." However, the presence of "https" should be only one factor to consider in deciding if a web site is trustworthy, because some phishing sites illegitimately use SSL.



5. Legitimate links mixed with fake links: Fraudsters sometimes include authentic links in their spoof pages, such as to the genuine privacy policy and terms of service pages for the site they're mimicking. These authentic links are mixed in with links to a fake phishing web site in order to make the spoof site appear more realistic.

And look for these other indicators that an email might not be trustworthy:

·         Spelling errors, poor grammar, or inferior graphics.

·         Requests for personal information such as your password, Social Security number, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.

·         Attachments (which might contain viruses or keystroke loggers, which record what you type).

It can be very difficult to discern a phishing email from the real thing. Remember that if you have any doubt about the authenticity of a web site, close your web browser, reopen it, and type the web site address in your browser's Address bar

 

Comments

Post a Comment

Please write your comment

Popular posts from this blog

Tech Tips - Turn on Delegate Access

Turn on Delegate Access A delegate automatically receives Send on Behalf permissions. This means your delegate can do the following: ·          Respond to a meeting request sent to you, the manager. ·          Receive meeting request responses sent to you, the manager. ·          Compose and send an e-mail message that, when received, will have Delegate Name   on behalf of   Manager Name   next to   From . By default, the delegate can read only the meeting requests and responses sent to the manager. The delegate does not have access to read any other messages in your   Inbox . 1.      On the   Tools   menu, click   Options . 2.      Click the   Delegates   tab, and then click   Add . If the   Delegates   tab or the   Add   button is mi...
Post a Comment
Read more

How do I choose my password?

How do I choose my password? Your password is more than just a key to your online account. If your password falls into the wrong hands, someone can easily impersonate you while online, sign your name to online service agreements or contracts, engage in transactions, or change your account information. So, choose your password carefully and then keep it safe from others. A password is like a toothbrush: Choose a good one and don't share it. A Yahoo! password can be any length, and can contain spaces, symbols, or numbers. With so many options, you should be able to come up with a password that's easy for you to remember but impossible for someone else to figure out. A password is a secret that only you should know. Here are some tips for choosing a strong password - one that is difficult to guess. . Choose a password you'll remember. It should be memorable for you (so that you don't have to write it down or leave it in the open), but difficult for others to guess....
Post a Comment
Read more

Tech Tips

Change the ruler's measurement units for comfortable form and report design   The ruler is a great way to ensure that your reports print accurately or your form controls are right where you want them. However, you may not know exactly what measurement units Access' ruler indicates. If you're more comfortable with the metric system (centimeters instead of inches), you can adjust your ruler permanently. Or, if you have Access 2003, you can simply input measurements in your preferred unit. To change the ruler's units of measurement: 1. Access your Windows Control Panel, which you can usually find on the Start menu. 2. Double-click on the Regional And Language Options icon. If you're using Windows XP's Category view, just click on Date, Time, Language, And Regional Options and then click on Regional And Language Options. 3. In the Regional And Language Options dialog box, select the Regional Options tab, if necessary. 4. Click the Customize button to display the Cus...
Post a Comment
Read more