Hotmail phishing attack: How to avoid becoming a victim

Published by: Telegraph.co.uk
Written by: Roger Thompson

This week's phishing attacks on Hotmail, Gmail and Yahoo! Mail, which resulted in thousands of email addresses and passwords being posted online, have worried internet users. But there are some simple steps you can take to avoid becoming a victim of cyber criminals.

Earlier this week, tens of thousands of email addresses and passwords for Microsoft's Hotmail service, Google's Gmail service and Yahoo! Mail were posted online by an anonymous source. Users of some of the internet's biggest web-based email services had fallen victim to a vast, industry-wide email phishing scam.

Cyber criminals, known as data snatchers in this case, obtained the passwords by setting up fake websites identical to Hotmail, Gmail and Yahoo!, and tricking users into inputting their username and password information on those sites. It is widely feared that the stolen information will be used to access email accounts and steal personal information.

Incentivised by the increasingly attractive financial rewards of online fraud and identity theft, cybercrime has soared and the proliferation of phishing activity has exploded. New threats are being created every day by data snatchers, all with the same aim – to steal your personal information.

What is a phishing attack?

Put simply, phishing is the criminally fraudulent process of stealing somebody’s personal information online. For example, usernames, passwords and credit card details are all sensitive information that has value to the bad guys.

Cyber criminals steal this information by masquerading as a trustworthy entity in an electronic communication – for example, as an email from a social networking site, online payment processor, bank, or in this week’s case, webmail provider.

Traditionally, the email will then direct the user to enter their sensitive information at a fake website almost identical to the legitimate version. It’s the modern-day version of a confidence trick, and it enables data snatchers to collate all your passwords and login information for a variety of sensitive and personal online services.

Internet users can take some simple steps to avoid falling victim to these sorts of phishing scams:

1. Don’t use the same username and password details for multiple accounts – once the data snatcher has access to one account, it will be easy for them to access all the others;

2. Be suspicious of unusual requests to click on web links or download software – if it doesn’t look or feel right, it probably isn’t, so don't click on it;

3. Make sure that you’ve got antivirus software installed. There are lots of free and paid-for options available. However, don’t rely on just antivirus software to be protected. Layers of security are needed to plug all the vulnerabilities of a home computer, so be sure you install a firewall and keep your operating system up to date by downloading any security patches;

4. Maintain your guard – even the most fun and enjoyable sites can be dangerous;

5. Look out for strange URLs if you’re diverted to other websites – that's a sure sign that something's not quite right;

6. Install identity protection software – don’t assume that you’re not at risk. Try a free tool, such as AVG LinkScanner.