In this report
An improving picture
New threats are insidious
Talk the talk
State of the Net 2008
Don't get caught by phishers
Get real-world advice from others about choosing a new computer, printer, peripherals, etc.

September 2008
send to a friend printable version
Don’t get caught by phishers
Image of an e-mail from Chase
DON'T BITE   This actual Chase e-mail links to a log-in page for the recipient's account; so do many phishing attacks.
Of all the Internet risks, phishing has been the toughest to thwart because it’s often almost impossible for a consumer to tell a phony e-mail from a legitimate one. That’s why the Federal Trade Commission says you shouldn’t click on links in an unsolicited e-mail to access a financial account. Yet most respondents to our survey don’t follow that advice, partly because they’re tempted by offers like this one that Chase Online recently sent account holders. (In a recent spam study, security software maker McAfee found phishing attacks that used Chase’s name to be the most prevalent type worldwide; a Chase spokesperson told us that the e-mail shown was genuine.) The e-mail contained the recipient’s name and part of his account number, but a prominent link took us to an insecure page where we could log in by entering a user ID and password.

If this e-mail had been fake, it could have been used to steal the recipient’s credit-card number, savings account, or identity. Unless you’re absolutely sure of the source of such an e-mail, access your account only on your own directly through a browser or call the company at a phone number you’ve verified.