By Julie Goldstein At CallFire, cyber security is a major concern and it is a top priority to protect our customer's data. We want to make sure that our clients know how to protect themselves against all sorts of cyber security issues. With identity theft becoming an epidemic on the internet, it is more important than ever to know when you are being directed to a page that is trying to steal (“phish”) your personal information. Identifying a Phishing page is like identifying a copy of a painting. It may look the same as the original at first glance, but when we look closer we start finding little things that aren’t quite right. Here are some things to look for:
- See if the links throughout the page outside of the login / account information input are working. Quite often the only working link on the page is the login portion. Everything else is usually just an image.
- Check the domain. Usually Phishing domains include the name of the business they are posing as, along with other extra words. Another domain name telltale sign is if the name of the business is not included in the Domain itself.
- Another telltale sign is redirecting. If after typing in the given link you see in your browser URL that you are being sent to a different actual link, it is likely to be fake.
- When in doubt, and even just for good measure, you should run a WhoIs search for the domain itself to see if it is hosted on a legitimate server as well as if the owner information matches the business. You can do this by visiting whois.domaintools.com . Remember that the actual domain is what is separated by a dot before the first slash in the URL. For example the domain for "http://www.fivestarmanager.com/chaseonline.chase.com/survey.html?sssl=1" is fivestarmanager.com .
Once you have identified a Phishing Site, you can also report it to the proper authorities to prevent further people from being Phished. The two most important entities to report fraudulent activity to are Google and US-CERT. You can report it to Google at the following site: http://www.google.com/safebrowsing/report_phish/ Reporting it to Google will have the domain blacklisted by Google, through which most American web traffic runs. US-CERT is the government agency in charge of cyber security. They are part of Homeland Security. You can read more about them at http://www.us-cert.gov . You can report phishing links to US-CERT (Homeland Security) by e-mailing it to phishing-report@us-cert.gov