What is it?
Phishing is the act of sending an e-mail to a user while falsely claiming to be an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.
How to avoid phishing?
- Keep antivirus up to date
- Do not click on hyperlinks in e-mails
- Take advantage of anti-spam software
- Verify HTTPS (SSL)
- Use anti-spyware software
- Get educated
- Use the Microsoft Baseline Security Analyzer (MBSA)
- Use backup system images
- Don't enter sensitive or financial information into pop-up windows
- Secure the hosts file
- Protect against DNS pharming attacks