At Computer Courage, we help a lot of customers recover data and passwords, remove viruses and spyware, and restore computer systems.  One thing we can’t help you with, however, is stolen identity and/or stolen funds.  The modern age of computing has brought us many conveniences – I pay almost all of my bills online.  Along with those conveniences come new responsibilities and risks, and having seen the worst of these risks, I’d like to devote this newsletter to helping our readers understand the risk of a dangerous technique called Phishing.

The definition of phishing, according to Wikipedia, is “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.”  This is a long winded way of saying that phishing is an attempt by bad guys to trick you into giving them your secret information.  When a bad guy successfully phishes you, he or she will acquire banking passwords, credit card numbers, email passwords, etc.  This information is very dangerous when put in the wrong hands – it can lead to great expense on your part, inconvenience, invasion of privacy, and identity theft.

What you need to know.  Below are some explanations and guidelines to avoid phishing:

1. Don’t give any information over email when requested.  No bank will ever email you to ask you to verify your information (address, password, credit card info, SSN, etc.)  So you can just plain ignore any such request – it’s bogus.  If you are unsure, you can always contact us.
2. Don’t follow links from suspicious emails.  I’ll go into detail about links in a moment, but for now the safest way to avoid going to the wrong place is to go directly to where you want to go.  Just open up your browser and type in the web address of the institution instead of clicking on the link.
3. Upgrade your browser (Internet Explorer 7 and Firefox 3 are the current versions) and enable the Phishing filter in IE.
4. Run good antivirus software at all times.
5. Watch for sites that don’t use HTTPS security (look got https:// instead of http:// in the URL.)
6. Know your URLS – this is the most complicated but most important.  This is a bit too complicated to explain in an newsletter, so
7. Here’s a great case study of a phishing technique such as described above.  Notice in this one the visible link looks normal, but the link actually takes the user somewhere else.  The lesson is don’t follow links from email.  See an example here.

Remember, your best technique is common sense.  Keep these main philosophies:

1. Be skeptical and cautious with all banking transactions.
2. Avoid opening links from email when possible.
3. Never give your private information for “verification purposes.”
4. Run antivirus software and update your browser.
5. Know your URL structure.

When in doubt, contact us at Computer Courage and we’ll help you with any suspicious emails, websites, or computer behavior.  Thanks everyone and stay safe.

By the way, we’ve moved to 1700 Martin Luther King Jr. Way in Berkeley (at Virginia) to a nicer office, sharing a building with Berkeley’s own internet service provider – LMI.net, come visit any time.