The Phishing Lure

Phishing isn't really new -- it's a type of scam that has been around for years and in fact predates computers. Malicious crooks did it over the phone for years. What is new is its contemporary delivery vehicle -- spam and counterfeit Web pages.

Phishing uses email messages that claim to come from legitimate businesses that one might have dealings with -- banks, online organizations, Internet service providers, online retailers, and insurance agencies. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. And, because these emails look so official, up to 20% of unsuspecting recipients may respond to them -- resulting in financial losses, identity theft and other fraudulent activity against them.

Cutting the Line

Even before Phishing became so prevalent, legitimate businesses and financial institutions would hardly ever ask for personal information via email. If you receive such a request, call the organization and ask if it's legitimate or check its legitimate Web site (use a search engine to find it).

Look for misspellings and bad grammar. While an occasional typo can slip by any organization, more than one is a tip-off to beware.

If the e-mail refers you to a Web site, look carefully at the URL. It's easy to disguise a link to a site. The longer the URL, the easier it is to conceal the true destination address. Other ways to disguise URLs include substituting similar-looking characters, so that paypal.com could be (and has been) spoofed as paypaI.com or paypa1.com. Similarly, a zero can be substituted for the letter O within a URL. Don't click on links contained in the email if you're unsure whether the contact is legitimate. Instead, contact the organization directly or visit its legitimate Web site (use a search engine to find it).
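
An added example, not part of the original page: a small Python check for the two link disguises described above, look-alike characters and long URLs that bury the real destination. The trusted-site list, the function names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: sites the reader actually does business with.
TRUSTED = {"paypal.com", "bookstore.example"}

# Substitutions named in the article: 1 or capital I for l, and 0 for o.
# Host names are case-insensitive, so capital I is handled as i.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(text: str) -> str:
    """Fold look-alike characters so spoofed and genuine names compare equal."""
    return text.lower().translate(CONFUSABLE)


def is_same_site(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url: str, trusted=frozenset(TRUSTED)) -> str:
    """Classify where a link from an email really leads."""
    # urlsplit ignores any "user@" prefix and the path: this is the real host.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if any(is_same_site(host, d) for d in trusted):
        return "trusted"
    for d in sorted(trusted):
        # Same name once look-alike characters are folded: a spoofed spelling.
        if is_same_site(skeleton(host), skeleton(d)):
            return "lookalike:" + d
    for d in sorted(trusted):
        # Trusted name appears somewhere in a URL that leads elsewhere.
        if skeleton(d) in skeleton(url):
            return "embeds:" + d
    return "unknown"


if __name__ == "__main__":
    for sample in (  # constructed sample links
        "https://www.paypal.com/signin",
        "http://paypaI.com/verify",
        "http://b00kstore.example/",
        "http://paypal.com.account-check.example/update",
    ):
        print(check_link(sample), sample)
```

A result of "lookalike" or "embeds" means the link only resembles a trusted site; "unknown" means the check found no resemblance, not that the link is safe.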

Pharming for Your Information

Pharming is a technique used to redirect as many users as possible from the legitimate Web sites they'd intended to visit and lead them to malicious ones. Pharming involves Trojans, worms, or other technology that attack the browser address bar so that when users type in a "valid" URL they are redirected to the criminals' Web sites. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. Unaware of anything out of the ordinary, you therefore reveal your password and user name to criminals.

Don't Get Hooked

To help our customers avoid this type of attack, Astoria Federal introduced Secure Sign On, an added layer of online banking security. Secure Sign On further safeguards your financial information by displaying a picture and phrase that you select to let you know that you are at our legitimate website and that it is safe to enter your log-in information. If you enter your User ID and the next screen does not show your picture and phrase, do not enter any personal information. Instead, re-enter your User ID or contact us at 1-800-ASTORIA (1-800-278-6742) and press “3” for online banking support. As an additional identity check, we require that customers answer “challenge questions” when logging in from a computer that our system does not recognize.

Additional Steps You May Take to Protect Yourself Online

- Before entering any sensitive information, verify that the Web site is secure by looking for:
  - The Lock Symbol: Check the status bar at the bottom of your Web browser window for an unbroken lock symbol. This means your personal information is scrambled, and no one can read it but the e-business you've contacted. Double-click on the lock symbol to view the security certificate. Make sure the certificate is "Issued to" the Web site and the "Valid from" dates are current.
  - "https" in the Web Site's Address: Secure sites have "https://" at the beginning of the address, rather than "http://". The "s" stands for "secure" and indicates the information you send is encrypted or scrambled, so it can't be read during transmission.
- Update your anti-virus software regularly to guard against new viruses.
- Keep your browser and operating system up-to-date. Look for programs that offer automatic updates, including important security enhancements, and take advantage of free patches that manufacturers offer to fix newly discovered problems.
- Only open email attachments if you’re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
- Do not be intimidated by an email or caller who suggests serious consequences if you do not immediately provide or verify financial information.
- Use a personal firewall to limit uninvited access to your computer, especially if you have high-speed or an “always on” connection to the Internet, such as broadband cable or DSL.
- If you store financial information on your computer, use a password consisting of numbers and letters, both upper and lower case.
- Avoid using an automatic login feature that saves your user name and password and always log off when you’re finished.
- Use anti-spyware and anti-spam software.
- Be cautious when using public computers, such as those in coffee houses, or public networks, such as those in hotels and airports, to access the Internet. Check with the staff to verify that their network is secure.
- Be sure to read Web site privacy policies to know your information will be secure, how it will be used, and if it will be shared with third parties.