What to do with “phishy” e-mail

Posted on April 6, 2011 @ 9:03 am in Personal finance

Many of us—myself included—recently received alerts from banks and major retailers notifying us that our names and e-mail addresses had been “hacked” as a result of an attack on a third-party service used by these businesses to handle e-mail distribution. (Vanguard was not one of the companies affected.)

I wasn’t happy when I was informed, of course, but at least I’m not helpless. And neither are you.

Basic security practices can go a long way toward ensuring you aren’t a victim of “phishing” or “spear-phishing”—that is, stealing your personal information online by pretending to be someone else, like a trusted bank or retailer. By singling you out and posing as someone you’re familiar with, talented scammers have a better chance of getting you to respond.

Start by being suspicious of every e-mail you receive. If you don’t know the sender, don’t open it. Even if you do know the sender, don’t open attached documents or links unless you’re expecting them—or have very solid reasons to believe they’re legit. That’s especially true if the e-mail asks you to “update your personal information,” “confirm a transaction,” and so forth.

Also beware attachments described as meeting agendas or invoices, as both have been used in recent phishing attacks. Simply clicking on an attached document can release “malware” onto your computer, resulting in a host of destructive activities. Good malware and spyware protection systems can often detect such attacks, but they’re not foolproof. Your computer’s Delete key is a powerful weapon—use it. Otherwise, you may make some fraudster very happy.

Anyone who asks you to give away personal information in an e-mail may just be inviting you to be defrauded. Before clicking a link in an e-mail message, take a few seconds to research the URL. Try typing it into your browser address bar instead of clicking it. Above all, don’t give out personal information—including website user names and passwords—to any person or organization that requests it through e-mail.

Vanguard and other reputable organizations do not request personal information by e-mail. (Learn more about online security at Vanguard.) If you make a practice of never answering such requests, you’ll reduce your chances of handing over the keys to your financial resources to those who would misuse them.
