Phishing. According to Wikipedia, it is “a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as user names, passwords, and credit card details, by masquerading as a trustworthy entity in an electronic communication.”

The word “phishing” is a play on the word “fishing”, since phishers are “fishing” for information that they can use for fraudulent financial gain.

How can you avoid being a victim of phishing?

First, be very suspicious of any unsolicited e-mail. Even if it appears to be legitimate, read it carefully. Keep in mind that a legitimate business will never ask you to send sensitive information directly in an email.

If the email directs you to a Web link, look at the link carefully. Phishers often use intentional misspellings to direct you to a phony site. Examples would be using the number one (1) instead of the lower case L (l), or using two V’s (vv) instead of a W (w).

Another ploy used by phishers is to use a graphic or image that looks like a link to a legitimate site, but actually misdirects you to the phisher’s site.

A good rule of thumb is never to click on a link in an e-mail. Instead, open your browser and type the URL (Web address) yourself. This will help to avoid any misdirection. As you are typing, look at the syntax of the address. For example, “mybank.com” would take you to the actual site of “My Bank”, whereas, “visit-mybank.com” or “mybank.newsite.com” probably would not.

Once you are visiting a Web site and feel comfortable that it is legitimate, there are additional measures you should take before entering confidential or sensitive information. Is the website secure? You should see the letters “https” in the web address bar. The “s” indicates that the connection has been secured.

Also, you should see a closed padlock image in your browser frame. The exact location of the padlock will depend on what browser you are using. (Internet Explorer and Firefox are the most popular browsers.) The padlock indicates that information traveling to and from the site is encrypted. Make sure that the padlock is in the frame of the browser and not on the Web page itself. Decoy sites often put an image of a closed padlock within the body of the web page to attempt to fool visitors.

If you click on the padlock, you will see security information, including a description of the digital certificate for the site. Make sure the digital certificate has been issued by a trusted Certificate Authority. Be suspicious of most self-signed certificates.

Online banking and transacting business online have become a way of life for most of us. Using the tips above will help keep your sensitive information safe while you conduct your business.

Ginga MacLaughlin is a Certified Public Accountant, a Certified Information Technology Professional, and a Certified Information Systems Auditor with the accounting firm Silas Simmons, LLP in Natchez, Mississippi