Cyber Safety Blotter

How do I avoid Phishing Scams

March 6, 2013 12:59 PM

Online job-hunting scams:
Phishing scams might appear as a phony job ad, used to convince job hunters to send them personal information. Cyber criminals post their ads on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.  These sites might also charge fees for services they will never render.  Typically, after a few days the thieves close down the scam and disappear.  Best practices for online job hunters;

• Never provide any non-work related personal information such as your social security number, credit card number, date of birth, home address, and marital status online, through email, over the phone, in a fax, or on your resume.
• List your resume on a job site that allows only verified recruiters to scan them and uses a privacy policy.
• Verify a prospective employer, recruiter, or recruiting agency through another source such as the Better Business Bureau or a phone book, and then contact them directly--or better yet, visit them in person at the company location during regular work hours.
• If a prospective recruiter or employer requests a background check, agree to do so only after you have met with them at their company location during regular work hours.
• Beware of anyone who asks you for money up front in exchange for finding work for you. You should never have to pay for "exclusive" job leads or for a job itself.
• If you are paying for job placement services, don't provide credit card or bank information or engage in any monetary transactions unless done in person, onsite, with a prospective recruiter or job agency.
• Carefully evaluate contact information in job ads or related email messages, watching out for spelling errors, an email address that does not feature the company's name, and inconsistencies with area or zip codes.
• Create an exclusive web-based email address and account for all non-personal communication.

Donation Scams:

Natural disasters, political campaigns, and global health issues are often the focus of donation phishing scams. For example, in recent years, cyber criminals have taken advantage of earthquakes and tsunamis to create illegitimate "charity" businesses to help the survivors of these events.

Most of these scams begin with an email message or a post in an online forum asking for donations in the name of well-known, legitimate charities.  When you click a link, you are taken to a phony website designed to trick you into providing your personal financial information.  How to avoid donation scams;

• Be on guard if you receive an unsolicited email message from a charitable organization asking for money. Don't open any attachments or click any links. Manually type the charity's web address into your browser's address bar and make sure the request is legitimate before you donate.
• Double-check the spelling of the organization's website in the address bar before looking through the site. Spoofed websites often use deliberate, easily overlooked misspellings to deceive users.
• On the web page where you enter your credit card or other personal information, look for an "s" after http in the web address of that page. It should read: https://. (Encryption is a security measure that scrambles data as it traverses the Internet.)
• Make sure that there is a tiny closed padlock in the address bar, or on the lower-right corner of the window.
• If you are using Internet Explorer, one sign of trustworthiness is that the address bar turns green and displays both https and the closed padlock.
• Improve your computer's defenses by always using firewall, antivirus, and antispyware software, and making sure to download and install updates for all of your software. Use automatic updates so you don't have to manually install the updates.

 Email to a friend