Securing Your ID/Password and Phishing
Here is a definition of phishing from Wikipedia: Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
An ID/password combination, when established by a reputable business, is intended for use only when you, the user, specifically go to the site of the service offered by the business. No one should ever ask for an ID and password in an unsolicited manner.
Here is a key concept. If you are trying to do business with a reputable company, and you initiate the conversation or transaction, and you have not made a mistake in the telephone number or URL (web address), reliable, safe communication is likely.
In rare cases, a reputable business may ask for a password. For example, one cellular telephone carrier will set a password on an account if the owner wants to ensure that no one but the owner is allowed to make a change to the service. This is fairly uncommon and is an explainable instance where a business will ask for a password.
If someone requests credential information from you and you did not initiate the interchange, you should terminate the communication. That means hang up the phone, delete the email, or close the browser window.
To report a phishing email, please forward it to email@example.com.
Examples of phishing:
- An email supposedly from a bank, including a logo and an official-looking form, asking you, for whatever reason, to enter your ID/password, possibly with other credentials, into a form or in an email reply.
- A "lawyer" from the U.K. who wants you to help get a large sum of money from an inheritance.
- A "friend" from Nigeria who needs your help to get a large sum of money out of the country.
- A "webmaster" who needs your credentials to restore your account to a usable state.
- A "help desk" who needs to re-enable your account that they say is currently blocked.
- The list can go on and on.
You should delete these types of emails, or close the browser window where the information is requested. A legitimate business will never ask you to enter your ID and password in an unsolicited fashion. Your ID and password should only be used by you to log in to a valid, legitimate, safe service where you can verify that the URL in your browser is pointing to the correct address for the business you are trying to reach.
The following is text from an actual phishing attempt:
Due to the numerous phising and spam attempts on the institution’s email system, The webmaster is currently performing a system upgrade so as to protect you from future phishing and spam attacks. Kindly reconfirm your webmail credentials with the webmaster through the below means for full upgrade.
Simply click Reply, fill in the following required details then click send and it will be delivered to the webmaster’s help desk for assistance.