If you want to learn how to spot a phishing site, take the VeriSign Phishing challenge!

http://www.bit.ly/Phishing

I agree – Roboform is not meant as a security measure – it just happened to be the thing that kept me from using the wrong link to log in. You’ve given us lots of great steps to take to be sure we remain safe online. It’s so important when this is your business that you are not vulnerable to this type of malicious behavior.

Thank you for sharing your expertise!

1. Whenever you receive an email regarding any type of account notice, NEVER click on the link. ALWAYS open a new browser window, and type in the URL (such as http://www.ebay.com, http://www.paypal.com, etc) to access the site.
2. Once logged in, verify within your account what was stated in the email. Is your balance really low? Is your account really set to expire? This info will typically be easy to verify, but if you are not 100% sure, look for a support link to that site and talk to someone.
3. If you ever accidentally login to one of these sites, then IMMEDIATELY open a new browser window, visit the real site directly and change your password. When you accidentally login at the fake site, hackers often immediately attempt to login to the real site using this info. Even if you guessed the wrong password, they’ll make hundreds (sometimes thousands if it’s a “bot”) of attempts to login using variants of what you typed into their page.

In a recent vulnerability review, a client accidentally logged into a phishing site disguised as Ebay.com. Within 24 hours, we verified that the bot not only logged into their Ebay account, but also used variants of his credentials to access his 401k investment site, made hundreds of login attempts to his online banking account (bots will use your account to guess logins at nearly every major banking website) and ended up securing several secure pieces of information such as birth date, mother’s maiden name, place of birth, etc.

Several steps took place over a 4 day period to re-secure his accounts, but a great deal of damage had already been done. So Jeanette, even if your wrongly-typed passwords are legitimate ones at other sites, take action now to change passwords at other websites that use that password or variants of it. Take this advice seriously, I see hundreds of reports per day of these phishing bots logging into several other websites and accounts, not just the one listed in the phishing email.

In summary, you need to get in the habit of accessing secure sites directly, don’t rely on links within emails no matter how comfortable you are with them. By doing this, you don’t need to rely on a third-party tool to protect you. Make these steps a habit, because often times critical data is at stake.

Thank you,

Stan

This post was mentioned on Twitter by jeanettecates: New!: Phishing Email Catches Me! http://bit.ly/18LlsB #techtamers…