Microsoft Canada Co.

March 30, 2006 15:59 ET

Don't be 'Phooled' by Online Scams

MISSISSAUGA, ONTARIO--(CCNMatthews - March 30, 2006) - April Fool's Day is traditionally a day to play practical jokes on friends and colleagues. What isn't funny is when you are the victim of a joke or scam, particularly if it is one aimed at stealing your confidential information.

E-mail has become an important part of daily life. Inboxes - and more recently Instant Messaging software - have replaced mailboxes as the way to keep in touch with our friends and family.

But there is a dark side to e-mail. Con artists are also aware of our growing relationship with online communication and they are capitalizing on this trend. Even as you read this, a number of clever and increasingly sophisticated ways to try to gain access to your money or your personal information are being developed. These methods are known collectively as "phishing" - a slang term used by computer hackers to describe the process of fishing for personal data.

As we enjoy the connections e-mail and the Internet provide us, it's important that computer users be aware of the risk posed by phishing and how to spot this malicious practice. Below are some phishing techniques you should be wary of the next time you check your e-mail.

Beware of hoax messages

We're often warned that if something sounds too good to be true, it probably is. The same maxim applies to e-mail. The very features that make e-mail appealing - the ease with which we can send and receive messages - also make it appealing to con artists.

Hoax e-mails are a growing phenomenon. They clog your inbox and waste your time. But they're also dangerous and designed to trick you into sending sensitive information. For example - you might receive an official-looking e-mail "notice" from your bank informing you that your savings account is being temporarily closed due to inactivity. According to the sender, all you need to do to re-open the account is e-mail your personal and banking information. Such a message should be treated with caution.

Below are some signs that an e-mail may actually be a scam in disguise:

- You don't recognize the person who sent you the e-mail and instead of your name a generic "Dear Customer/Sir" is used

- You are promised money or other benefits for virtually no effort on your part

- You are asked to provide personal information such as bank data, or to pay some sort of processing fee, via e-mail

- There is an implied sense of urgency - for instance, a message may warn that "if you don't reply in 48 hours," your account will be closed.

Watch where you click your mouse

In order to appear more professional, many organizations send e-mails that look just like websites, such as their own homepages. These messages may invite you to click on links contained within the message, or even provide a form to complete just as you would on a regular site. Be aware that this type of message could also be a particularly dangerous form of phishing known as "site spoofing".

Spoofing takes the hoax e-mail a step further by cleverly imitating a website you regularly visit for business reasons. The messages often look very professional and mimic the sites you regularly visit. However, the forms and links contained within link to a con artist's computer.

So how can you tell if a site or link is legitimate?

- If the website address you click in the message does not take you to the real company's web page, you should be suspicious

- Place your mouse on top of the links (www.examplesite.com) in the message. A small yellow box will appear that contains the link's address, which should be identical to the one shown in the message. If it doesn't match, or if it contains numbers in place of a name (e.g. http://192.168.255.205/), be wary. This is an indication that the link may be bogus

- Spoofers also assume you won't carefully read the message. So be sure to double check the website link - is it examplesite.com, or does it actually read examplsite.com or example-company.com? Even a slight change can mean the difference between legitimate and illegitimate
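The three link checks above, written as a small script (an added example, not part of the original release). The trusted-site list, the 0.85 similarity threshold and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplesite.com"}  # assumption: sites the reader really uses
SAMPLE = (  # constructed e-mail body for illustration, not a real message
    '<a href="http://192.168.255.205/">www.examplesite.com</a>'
    '<a href="http://www.examplsite.com/login">Sign in</a>'
    '<a href="http://example-company.com/">www.examplesite.com</a>'
    '<a href="http://www.examplesite.com/">www.examplesite.com</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # host of a URL or bare "www.site.com", minus "www."
    host = urlparse(value if "://" in value else "//" + value).hostname or ""
    return host[4:] if host.startswith("www.") else host

def classify(href, text):
    target = host_of(href)  # where the click really goes
    # Compare only when the visible text itself looks like an address.
    shown = host_of(text) if "." in text and " " not in text else ""
    checks = {
        "text-target-mismatch": bool(shown) and shown != target,
        # Numbers instead of a name, as in http://192.168.255.205/
        "numeric-host": target.replace(".", "").isdigit(),
        # Nearly, but not exactly, a trusted name (examplsite.com)
        "lookalike-domain": any(t != target and SequenceMatcher(
            None, target, t).ratio() >= 0.85 for t in TRUSTED),
    }
    return [name for name, hit in checks.items() if hit]

def check_links(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(href, classify(href, text)) for href, text in collector.links]
```

Running `check_links(SAMPLE)` flags the first three links and leaves the genuine one with an empty list.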

How to protect yourself

Now that you know more about the risk posed by phishing, here are some ways you and your family can protect yourselves:

Report suspicious e-mail. If you suspect you have received phishing e-mail, report the e-mail to the faked or spoofed organization. Knowing when and where phishing messages are sent can help authorities combat the problem.

Be sure when you click. It can be easy to open a link that's sent to you, but there is no way of ensuring it's legitimate. To be safe, type website addresses directly into a browser or use personal bookmarks.

Look for the little yellow lock. Before you enter personal or financial information into a website, make sure the site is secure. How can you tell? If you use Internet Explorer you can do this by ensuring that a little yellow lock icon appears in the status bar, which is located at the bottom of the page.

Ignore "pop-up" windows. One common phishing technique is to launch a new window - a so-called pop-up window - when someone clicks on a link in a fraudulent e-mail. Even if the pop-up window looks official or claims to be secure, you should avoid entering sensitive information.

Update your computer software. Tools exist that can protect against phishing. Microsoft, for example, is committed to preventing phishing and ensuring computer users have access to security software. A great resource to check out online is www.microsoft.ca/protect. This site offers tips and tricks to protect yourself from online scams.

Remember that e-mail and web surfing are normally fun and safe, and the risks you face are relatively low. By employing the same common sense techniques you use when you receive unsolicited phone calls or a knock at the door, you'll help ensure that you and your family do not become victims of online scammers.
