ahmed
Site Admin
Joined: 29 Jan 2008
Posts: 42
Location: Lagos
|
 Posted: Thu Feb 21, 2008 3:08 pm Post subject: Online/Internet Fraud: What you must know. |
 |
|
What is phishing?
Fraudsters send fake emails or set up fake web sites that mimic Yahoo!'s sign-in pages (or the sign-in pages of other trusted companies, such as eBay or PayPal) to trick you into disclosing your user name and password. This practice is sometimes referred to as "phishing" — a play on the word "fishing" — because the fraudster is fishing for your private account information. Typically, fraudsters try to trick you into providing your user name and password so that they can gain access to an online account. Once they gain access, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.
Learn what to do if you suspect you've been phished
Help! I think I've been phished!
If you think you've given confidential personal information to a phishing site, then follow these guidelines to help prevent your information from being used illegally by fraudsters. Do not delay — fraudsters can move quickly to take over your account and do substantial damage.
I think my Yahoo! ID was phished!
If you think you entered your Yahoo! ID and password at a phishing site, then follow these steps:
Change your Yahoo! password immediately. Here's how:
Type www.yahoo.com in your browser's Address bar.
Sign into Yahoo!.
Go to your My Yahoo! page, your Yahoo! Mail account, or other Yahoo! service you use regularly.
Below the Welcome message, click the My Account link.
Enter your current password.
On the Account Information page, click the Change Password link near the top of the page and follow the instructions.
If your password no longer works, tell us so we can start the account recovery process.
Report the phishing email or web site that tricked you!
To help prevent becoming the victim of a Yahoo!-specific phishing scam, create a Yahoo! sign-in seal to personalize your Yahoo! sign-in page. Learn more about sign-in seals.
I think I gave my bank account or credit card information to a phisher!
If you suspect you might have entered any financial information at a phishing site, contact your financial institution immediately! Change your password as soon as possible before a phisher can lock you out of your account.
You might also want to follow the advice from the Federal Trade Commission (FTC) for identity theft victims.
Learn how to identify a phishing web site
How can I identify a phishing web site?
If you receive an email (or instant message) from someone you don't know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).
Is that web site legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.
Important: If you're at all unsure about a web site, do not sign in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's Address bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.
Phishers are becoming more and more sophisticated in designing their phony web sites. There's no surefire way to know if you're on a phishing site, but here's some hints that can help you distinguish a real web site from a phishing site.
Check the web address
Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's Address bar for these signs that you may be on a phishing site:
Incorrect company name. Often the web address of a phishing site looks correct, but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look out for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).
http:// at the start of the address on Yahoo! sign-in pages. Check the web site address for any Yahoo! sign-in page. A legitimate Yahoo! sign-in page address starts with "https://." Look for the letter "s" following "http."
Missing slash. To verify that you're on a legitimate Yahoo! site, make sure a forward slash (" / ") appears after "yahoo.com" in the Address bar -- like these examples:
A slash (" / ") after "yahoo.com" can help identify a Yahoo! site.
For example, "http://www.yahoo.com:login&mode=secure" is a fake web site address.
Important: A legitimate Yahoo! sign-in page never starts with "http://geocities.yahoo.com." If you land on a GeoCities page with a Yahoo! sign-in box, report it as a phishing web site immediately.
Be leery of pop-ups
Be careful if you're sent to a web site that first displays a pop-up window asking you to enter your user name and password. Phishing scams may direct you to a legitimate web site, but then use a pop-up to gain your account information.
Give a fake password
If you not sure if a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because your fake password is rejected, don't assume the site is legitimate.
Look for your sign-in seal when you sign in to Yahoo!
A sign-in seal is a secret message or image that you select to display in your Yahoo! sign-in box to help protect your account from phishers. Because the sign-in seal is secret between your computer and Yahoo!, you can be sure you're on a legitimate Yahoo! site each time use that computer to sign in to Yahoo!. Just look for the custom text or image you set up. If it's not there, you might have landed on a phishing site. Creating a sign-in seal is fast and easy.
Other web sites, such as those for banks and other financial institutions, may offer a similar feature to help protect you against phishing scams.
Use a web browser with anti-phishing detection
Both Internet Explorer and Mozilla Firefox web browsers have free add-ons (or "plug-ins") that can help you detect phishing sites.
Be wary of other methods to identify a legitimate site
Some methods used to indicate a safe site can't always be trusted. A small unbroken key or locked padlock at the bottom of your browser is not a reliable indicator of a legitimate web site. Just because there's a key or lock and the security certificate looks authentic, don't assume the site is legitimate.
Learn how to identify a phishing email
How can I recognize a phishing email?
If you receive an email from a web site or company urging you to provide confidential information, such as a password or Social Security number, you might be the target of a phishing scam. The tips below can help you avoid being taken in by phishers.
Important: To be completely safe from phishers, do not click links in emails. If in doubt, close your browser, reopen it, and type the web address for the site you want to visit directly into the Address bar.
You should consider several factors when deciding whether or not an email is authentic. This example email has some telltale signs of a phisher at work:
1. Unofficial "From" address: Look out for a sender's email address that is similar to, but not the same as, a company's official email address. Fraudsters often sign up for free email accounts with company names in them (such as "ysmallbusiness@yahoo.com"). These email addresses are meant to fool you. Official email from Yahoo! always comes from an "@yahoo-inc.com" email address.
Note: Fraudsters can forge the "From" address to look like a legitimate corporate address (like "@yahoo-inc.com"). Because of this, the "From" address is just one factor to consider when deciding if an email is trustworthy.
2. Urgent action required: Fraudsters often include urgent "calls to action" to try to get you to react immediately. Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." The fraudster is taking advantage of your concern to trick you into providing confidential information.
Note: Legitimate companies will never ask you to verify or provide confidential or financial information in an unsolicited email.
3. Generic greeting: Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear Customer" or "Dear Member."
Note: Sophisticated fraudsters can get your name from public records and target you directly, so even if an email includes your name, it may not be authentic. Whether an email addresses you generically or by name is just one factor to consider when deciding if an email is trustworthy.
4. Link to a fake web site: To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just because a site includes a company's logo or looks like the real page doesn't mean it is! Logos and the appearance of legitimate web sites are easy to copy. In the email, look out for:
Links containing an official company name, but in the wrong location. For example: "http://www.yahoo.com:login&mode=secure&ib35" is a fake address that doesn't go to a real Yahoo! web site. A real Yahoo! web address has a forward slash ("/") after "yahoo.com" — for example, "http://www.yahoo.com/" or "https://login.yahoo.com/."
Masked links that look like they go to the real web site, but don't. In the sample email, the link says "smallbusiness.yahoo.com," but if you place your mouse pointer over the link, you can see the real address (in the yellow box) — "http://218.246.224.203/yahoo/accountupdate." You usually can see a link's real destination by placing your mouse pointer over it.
Note: All Yahoo! sign-in pages are served over SSL (Secure Sockets Layer), a standard used to encrypt data transmissions. A genuine Yahoo! sign-in page always starts with "https," such as "https://login.yahoo.com." However, the presence of "https" should be only one factor to consider in deciding if a web site is trustworthy, because some phishing sites illegitimately use SSL.
Learn about the other ways to recognize a phishing web site.
5. Legitimate links mixed with fake links: Fraudsters sometimes include authentic links in their spoof pages, such as to the genuine privacy policy and terms of service pages for the site they're mimicking. These authentic links are mixed in with links to a fake phishing web site in order to make the spoof site appear more realistic.
And look for these other indicators that an email might not be trustworthy:
Spelling errors, poor grammar, or inferior graphics.
Requests for personal information such as your password, Social Security number, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.
Attachments (which might contain viruses or keystroke loggers, which record what you type).
It can be very difficult to discern a phishing email from the real thing. Remember that if you have any doubt about the authenticity of a web site, close your web browser, reopen it, and type the web site address in your browser's Address bar.
Report a phishing incident to Yahoo!
How do I report a phishing email or web site?
Quickly reporting a fraudulent email or web site helps us better protect you and your fellow Yahoo! members.
Report a phishing email
If you received an email that says it's from Yahoo! or another trusted source but you suspect it might be a phishing email, forward the email to phishing@cc.yahoo-inc.com. For information about identifying potential phishing emails, see How can I recognize a phishing email?
Report a phishing web site
To report a phishing web site to Yahoo!, please use this form. To learn more about phishing web sites, see How can I identify a phishing web site?.
If you know of a web site that is impersonating a company other than Yahoo! (for example, eBay, PayPal, or a bank or other financial institution), we encourage you to report the web site to the impersonated company directly. You might also want to report the phishing web site to the Federal Trade Commission (FTC) at spam@uce.gov, as well as to the Anti-Phishing Working Group at reportphishing@antiphishing.org.
To learn more about phishing, please visit:
The Anti-Phishing Working Group
Federal Trade Commission
OnGuardOnline.gov
_________________
Whatever The Mind Can Concieve, It Can Achieve. The Mind Is A Terrible Thing To Waste. Dare To Dream, Dare To Be Above Board. See You At The Top! |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
