'Phishing' scams: How to avoid being hooked - and realed in.

Honest Website developers never use these techniques and help fight tham at every turn. Internet Security is in everyones best interest. Report fraudulent email. We want to share this information with our clients.

• They appear to be from trusted banks, retailers or other companies. Citibank is targeted more than any other business; its name was used in almost 500 of the 1,422 unique attacks reported to APWG in June. PayPal, US Bank and eBay names are also used as fronts.
  
  
• The e-mail often says the company needs to verify your information, such as account numbers or passwords, for supposed security purposes.
  
  
• They're slick and well-designed, using official-sounding language and real company logos to make them look and feel authentic.
  
  
• They try to fool you with an address "spoof." In more than 90% of cases, the e-mail address looks like one from a real company. Although the address in the “From” line of the e-mail may contain a legitimate address, it conceals a scammer's address. (Your e-mail program can be set to display "headers" so you can see a false address. Read more in this Slate article on how to detect spoofed e-mails.)

• Scare tactics. Like the SunTrust phish above, it may play on security fears.
  
  
• No name. The mail doesn't address you by name but with a generic greeting, such as “Dear Suntrust.com Customer.”
  
  
• It offers forms to fill out with your personal financial information.
  
  
• It points to links in the e-mail, urging you to click to "validate" or "confirm" your account.

• You may be directed to a legitimate company's Web site. But a crook's pop-up window -- not part of the real site -- will open and ask for your account information.
  
  
• The site itself may be fake, but it will have a similar URL to the real site, fooling you into using it.
  
  
• The site may be fake, but the address window showing its URL will be hidden by a floating window displaying the legitimate company's URL to fool you. (Most of these are static images, so if you can’t click on the window or type anything in it, it’s a good tip-off that the address displayed is a decoy.)
  
  
• The link may trigger the download of a "key logger" to your computer. It's a program that records what you type into legitimate sites, including your passwords and account numbers, then passes them on to the swindlers.

• Be extremely suspicious of any e-mail with urgent requests for personal financial information.
  
  
• Don't fill out forms in e-mail messages that ask for personal financial information.
  
  
• Don't use the links in an e-mail to get to any Web page if you suspect the message might not be authentic. Instead, telephone the company or log onto the Web site directly by typing its Web address in your browser.
  
  
• Don't give your credit card numbers or account information unless you're using a secure Web site or the telephone. Check the beginning of the Web address in your browser's address bar. A secure site should show as "https://" rather than just "http://" (You may also want to click on the window containing the secure address, to make sure you’re not dealing with a floating window.)
  
  
• Beware of e-mail attachments. Don't open them or download any files, regardless of who sent them.
  
  
• Check your bank and credit card statements online on a regular basis. Make sure the transactions are legitimate. Don't wait for a mailed paper statement, which can take up to a month. If you see something suspicious, contact your bank and all card issuers using a phone number you know to be legitimate or by typing in a secure Web site URL into the Internet browser address bar.
  
  
• Use anti-virus software and keep it up to date. Anti-virus software and a firewall can protect you from inadvertently accepting unwanted key-logger files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
  
  
• Keep your computer's operating system up to date and download security patches. These free software patches for your operating system close holes that hackers or phishers could exploit. (You can check for Microsoft patches here: http://www.microsoft.com/security/.)
  
  
• Consider installing a Web browser tool bar to help protect you from known phishing fraud Web sites. EarthLink ScamBlocker alerts you before you visit a page that's on Earthlink's list of known phisher Web sites. Ebay offers a free toolbar that warns you when you might be on a spoofed eBay site.
  
  
• Report the attacks by forwarding the phishing e-mail to the following addresses: spam@uce.gov, reportphishing@antiphishing.org and to the "abuse" e-mail address at the company that is being spoofed (e.g. "spoof@ebay.com").