1. Be skeptical of any e-mail, and avoid using hyperlinks in e-mail. They may show one address, but take you to another. Delete any e-mails that seek to send you to a Web page via a link in the e-mail’s text. Legitimate e-mails will ask you to go to a specific Web site. Type the address into your browser and make sure what you are typing is the correct address.

2. Make a point to bookmark the pages of the sites you do business with. Use those bookmarks for transactions.

3. On Web pages, mouse over the URL and see whether the address that appears at the bottom of your browser looks related to a page or site you expect to visit. When you arrive at the site, verify that the URL shown in your browser's address bar is the correct one. Pay attention to the part of the URL between "http:// " (or https:// ) and the next slash. Look for tricks such as the use of a zero where the letter O should be. Verify the address, then type it into your browser. Or use a favorite or bookmark.

4. Watch carefully for misspellings and poor grammar, one of the surest signs of a phishing scam.

5. Use a Web browser with site verification tools, such as Firefox (http://www.mozilla.com/en-US/firefox/), or software such as McAfee’s Site Advisor (http://www.siteadvisor.com/), which tests sites and tells users the results via a free download.

6. Report phishing. If you receive a phishing e-mail, forward it to the Anti-Phishing Working Group (reportphishing@antiphishing.org), the Federal Trade Commission (spam@uce.gov), and the company or organization being impersonated. You also can file a complaint with the FBI's Internet Crime Complaint Center at www.ic3.gov

• What is Phishing?
• What is Vishing?
• What is Smishing?
• What is Pharming?
• What is Caller ID Spoofing?
• What is E-mail spoofing?
• What is Website spoofing?
• What is SMS spoofing?

back to top