How to avoid
BE SUSPICIOUS OF any e-mail, text message or phone call with urgent requests for
personal financial information.
Don’t use links in an e-mail, instant
message or chat to get to any Web page
if you suspect the message might not be
authentic or you don’t know the sender.
Call the company or log on to the website
directly by typing a verified Web address
in your browser.
Here are samples of actual phish- ing attempts using Costco’s good name to lure victims. Be aware! Costco does not send out e-mails like this.
Kaiser notes, “One of the biggest risks to a
business is if an employee goes to an infected
website and then downloads malicious software that’s a keystroke logger that then collects the log-on and password information to
the small business’s bank account.”
Monitor advertising. “If you sell advertising on your site, be very sure that the people who are [purchasing] the ads are people
who are aboveboard. Cyber criminals are putting up fake click-through ads,” says Kaiser.
Don’t forget domain names. “If you
have multiple domain names, be sure those
domains have not been hacked,” says Kaiser.
“Sign up with a domain name company that
provides active notification any time a change
is made to contact information. And make
sure any links to the core website have not
Kaiser cautions that businesses that lose
money due to phishing may not be covered as
consumers are. Since cyber law is still devel-
oping, he adds, “Businesses, if they’re not pro-
tecting certain pieces of information [that
lead to a consumer’s loss of identity or
money], could be liable.”
Leigh Fulwood sums it up: “Our goodwill
and our trademark are built one customer
interaction at a time. And when something
like [phishing] happens, the victim will never
completely disassociate us from the problem.”
And don't think that phishing just hap-
pens online. Beware of bogus text and phone
messages, too. C
THESE SITES OFFER information and tools
to help you stay safe online.
• National Cyber Security Alliance,
• Anti-Phishing Working Group,
• Tips from the United States Computer
Emergency Readiness Team,
• McAfee’s Cybercrime Response Unit,
Avoid filling out forms in e-mail messages that ask for personal financial information. Communicate information such as
credit-card numbers or account information
only via a secure website or a verified telephone number.
Ensure that you’re using a secure website when submitting credit-card or other
sensitive information via your Web browser.
Enter the address of any banking, shopping,
auction or financial transaction website
yourself, and do not depend on links.
Phishers can forge the yellow lock icon you
would normally see near the bottom of your
screen on a secure site. When double-clicked, the lock should display the security
certificate for the site. If you get a warning
that the address of the site does not match
the certificate, do not continue.
Look at the address line. Scam sites may
show “https://” and/or the security lock icon.
A variation of the URL, i.e.,
offer.com, usually denotes a scam site.
Install a Web browser tool bar to help
protect you from known fraudulent websites. Tool bars match the website you
are going to with lists of known phisher
websites and will alert you. Some popular
browsers already include them.
Regularly log into online accounts.
Check bank, credit-card and debit-card
statements for illegitimate transactions.
Ensure that your browser is up-to-date
and security patches are applied.
Always forward phishing or
“spoof” e-mails to:
• The Federal Trade Commission, at
• The “abuse” e-mail address at
the company that is being spoofed
(Costco-related scams should be sent
OCTOBER 2010 ;e Costco Connection 27