With the breach of Epsilon, we are going to see a huge influx of phishing attacks before things settle back down to the normal level of tons of phishing attacks. So if you aren’t a computer expert, how do you protect yourself?
Don't worry about spotting the phish; it is more important that you do not take the actions that make the attack successful.
There are a few simple rules to follow that will almost certainly prevent you from becoming a victim… if you are diligent.
Fundamentally, there are two ways phishing attacks work. One way is to ask you by email for information such as your password and other personal information. Never give out your password. If the email says there is a security problem with your Hotmail or Facebook account and that you must provide information to prevent being locked out, don’t do it. The email may look legitimate, but it never is. No institution needs to have you respond to an unsolicited email asking for any personal information, ever.
The second way a phishing attack works is to direct you to a web page that asks you to log in. This may be a banking site, an email account, a social networking site, or some other web site. If you click on a link in an email and you are prompted to log in, close your web browser. Yes, this means that when you get an email from Facebook that says there is a new comment, if you click on the link and need to log in, then do not do it. Close your browser, open it again, log into your account and find the message you want to see. Never log into an account from a link in an email. You may be 99.999999% positive that the Facebook email is legitimate, but phishers want their emails to be something you have that much confidence in. Follow my rules and you will foil the phishers.
When you get email offers from Best Buy, the Home Shopping Network, your bank or anyone else, if the link in the email leads to a screen where you must log into your account, don’t do it!!!
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
Author ESET Research, ESET