Phishing, as defined by the Internet Crime Complaint Center (a partnership of the Federal Bureau of Investigation and the National White Collar Crime Center), is the use of forged or faked electronic documents emailed in an attempt to cause an unsuspecting recipient to divulge personal, sensitive information such as passwords, credit card numbers, and bank account information.
These documents falsely represent themselves as being from legitimate organizations and in fact there have been some cases in which some fraudsters perpetrating these schemes have falsely impersonated our organization.
Often the email directs the recipient to a website that is set up to steal this information by asking the recipient to divulge sensitive information such as social security numbers, account numbers, credit card numbers and other personal information. Some recipients, believing that the email is from a legitimate organization, may comply with the requests. The fraudster then has the capability to misuse the recipient's personal information. In other instances, the phishing email is simply malicious and designed to inflict damage to the recipient's computer or network by downloading malicious software (malware) on the recipient's computer.
The risk associated with phishing can be lowered as follows:
1. If the request comes in the form of an email, do not open it, do not click on its links, do not open its attachments, and do not reply to it.
2. Install and use anti-virus software, and update it as recommended by its supplier.
3. Limit Internet access for business computers to websites approved for business use and block all other websites.
4. Employ multiple and layered data security tools. Data thieves often know a great deal about one or more data security tools. Experience finds that layering multiple security tools and customizing them to meet the needs of specific industries and companies reduces the likelihood that data thieves will succeed.
For additional information, you may want to visit:
1. Internet Crime Complaint Center, a partnership of the Federal Bureau of Investigation and the National White Collar Crime Center.
2. Anti-Phishing Working Group, a coalition of industry, law enforcement and government entities focused on unifying the response to cybercrime.