There are a lot of esoteric variations on phishing schemes, and new flavors are emerging all the time. But here are some tips for basic safety:
• Don't respond to e-mails asking for personal or financial information -- passwords, account numbers, Social Security numbers, and the like.
• Don't click on links in emails from financial institutions and other organizations that have your personal information, and don't paste those links into your browser. Weaknesses in the technical underpinnings of the Internet can let phishers redirect you to fake sites, and just visiting suspect sites could subject you to attempts to put malicious programs -- called "crimeware" -- on your PC.
• Don't taunt phishers by following their links and giving them false information -- a visit to a fake site can trigger a "drive-by download" of crimeware.
• Don't download or open files attached to emails purporting to be from financial institutions, eBay, PayPal, and the like.
• Don't trust phone numbers in emails. These can be faked, too.
Basically, if email from a financial institution or organization that has your personal information does anything other than inform, don't trust it. We hate to say that, because such email communications are supposed to make life easier. But until basic flaws with email and the Web are fixed, it's not worth the risk.
Enough don'ts. What should you do?
• If you think a communication requiring you to take action might be legitimate, type in the organization's Web address yourself from a new browser or call. Again, don't copy the Web address from the email or trust a phone number supplied by it.
• Send emails you think might be phishing to reportphishing@antiphishing.org and to the organization mentioned in the phishing email. Most organizations also offer an email address, such as spoof@ebay.com, that you can write to.
• Make sure your Internet connection is protected by a firewall, your PC is protected by antivirus software, and run antispyware software periodically to check for malicious programs on your machine.
For more information and tips, see the following sites:
• The Federal Trade Commission's consumer alert on phishing, which includes information about what to do if you are scammed.
• The Anti-Phishing Working Group's tips for spotting phishes. The group also has tips for what to do next.
• Microsoft's tips on preventing phishing;
• Tips from the Washington Post;
• Take Mailfrontier's quiz and see if you can separate the phishes from the legitimate email communications. Most importantly, read their tips. You'll probably wind up hopelessly paranoid about links in email. That's good.
(Denny Crane: "Sometimes you can only look for answers from God and failing that... and Fox News".)
Just waiting for the first "I'm trapped in New Orleans, please send $$" e-mail scam to start showing up in my inbox. /sarcasm