Security on the Internet

Know who you’re doing business with 

One of the best ways you can protect yourself from fraud and other online criminal activity is to know who you are doing business with. While many Web sites and emails are designed to look professional and secure, there are often telltale signs that can help you identify ones you want to avoid.  The Better Business Bureau has information about online fraud.

Here are some general tips about what to look for and what to avoid.

What to Avoid

  1. Don’t ever respond to pressure to buy. The Internet has no opening or closing time and so shop at your leisure and only buy when you are sure it’s safe.
  2. Don’t provide personal or payment information when requested through email.
  3. Avoid get rich quick schemes.

What to Do

  1. If you have any doubt about a company, check with the Better Business Bureau to make sure the company is legitimate.
  2. Check to ensure Web sites have a posted privacy policy. 
  3. Check refund and return policies before you buy.
  4. Protect your personal information. Never give out your user name or password in email and make sure you don’t use the same password for every site you go to. When you create a password for your financial institution, don’t use that password for any other site.
  5. Only provide credit card information or your social security number on a secured site. Look for the https:// in the URL. Check the URL as you go to each new page. The beginning of the URL, such as should stay the same.

Here is the Better Business Bureau’s Quick Check List 

To help you shop safely online, take the following common sense steps:

  • Don’t rely on a professional looking Web site as proof of a company’s quality or good reputation. 
  • Investigate a company or seller before you buy. 
  • Find out where a company is physically located to help avoid overseas or offshore scams. 
  • Never give out your bank account number, credit card number, or personal information unless you’re certain a company is legitimate. 
  • Pay for your purchases by credit or charge card which can be protected under the Fair Credit Billing Act. 
  • Start with a small, inexpensive purchase to see how the company handles your order. 
  • Find out about a company’s return and refund policies before you purchase. 
  • Always use a secure Internet browser that “encrypts” or scrambles your personal or financial information. 

Phishing, pharming, vishing and smishing


On the Internet, "phishing" refers to criminal activity that attempts to fraudulently obtain sensitive information. There are several ways a scam artist will try to obtain sensitive information such as your social security number, driver's license, credit card information, or bank account information. Sometimes a scam artist will first send you a benign email (think of this as the bait) to lure you into a conversation and then follow that up with a phishing email. At other times, the scam artist will just send one phishing email.

Here are some questions to ask if you think you have received a phishing attack:

  • Do you know the sender of the email? If yes, still be cautious before clicking a link. If no, do not click an links.
  • Are there any attachments in the email? If so, is the attachment an executable (a file with the extension .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php)? If so, do not click on the attachment. Even if the file does not contain one of the above mentioned extensions, be cautious about opening it. Contact the sender to verify its contents.
  • Does the email request personal information? If so, do not reply.
  • Does the email contain grammatical errors? If so, be suspicious.
  • If you have a relationship with the company, are they addressing you by name?
  • Have you checked the link?  Mouse over the link and check the URL. Does it look legitimate or does it look like it will take you to a different Web site?

You can use these same questions if you receive a vishing or smishing attack.


Pharming is another scam where a hacker installs malicious code on a personal computer or server. This code then redirects clicks you make on a Web site to another fraudulent Web site without your consent or knowledge. To avoid pharming, follow the basic computer safety guidelines in Protect Your Computer. Also, be careful when entering financial information on a Web site. Look for the key or lock symbol at the bottom of the browser. If the Web site looks different than when you last visited, be suspicious and don’t click unless you are absolutely certain the site is safe.


Unfortunately, phishing emails are not the only way people can try to fool you into providing personal information in an effort to steal your identity or commit fraud. Criminals also use the phone to solicit your personal information. This telephone version of phishing is sometimes called vishing. Vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to pretend to be you and open new lines of credit. 

To avoid being fooled by a vishing attempt:

  • If you receive an email or phone call asking you to call and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the solicitation email or phone call. 
  • Forward the solicitation email to the customer service or security email address of the organization, asking whether the email is legitimate. 

Though vishing and its relative, phishing, are troublesome crimes and sometimes hard to identify, there are things that you can do to protect your identity.


Just like phishing, smishing uses cell phone text messages to lure consumers in. Often the text will contain an URL or phone number. The phone number often has an automated voice response system. And again just like phishing, the smishing message usually asks for your immediate attention.

In many cases, the smishing message will come from a "5000" number instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.

Do not respond to smishing messages.

Recognize suspicious emails and Web sites that can do you harm 

On the Internet, "phishing" refers to criminal activity that attempts to fraudulently obtain sensitive information. There are several ways a scam artist will try to obtain sensitive information such as your social security number, driver's license, credit card information, or bank account information. 

Here are 3 common methods that phishers use in their emails:

  1. Spoofed email address. Don't reply to unsolicited email and don't open email attachments. You might be able to spot suspicious addresses by checking for misspellings or oddities, but this isn't foolproof so always be cautious. 
  2. Suspicious link. When in doubt, never click on a link in an unsolicited or suspicious email. Scam emails can contain a hidden link to a site that asks you to enter your log on and account information. A clue: if the email threatens you with account closure if you don't log on soon, you could be the target of phishing. You may be able to tell if a link is real by moving your mouse over it and looking at the bottom of your browser to see the hidden Web address - if it looks different than the one you see on the surface do not click on it. 
  3. Forged Web site. When you visit a financial site, like your bank or credit card company, type the URL into the browser manually. Use a browser with an anti-phishing plug-in or extension, like FireFox version 3 or higher or Internet Explorer 7 or higher. These browsers warn you about forged, high-risk sites. Phony Web sites mimic real sites by copying company logos, images, and site designs. Malicious webmasters can also use HTML, Flash or Java Script to mask or change a browser address.

Here's what you can do to protect yourself from a phishing attack:

  1. If you suspect you have received a phishing email, please forward it your service provider immediately.
  2. Make sure you subscribe to an anti-virus software and keep it up-to-date. 
  3. Make sure you have updated your Web browser to one that includes anti-phishing security features, such as Internet Explorer 7 or Firefox version 3 or higher. 
  4. Make sure you keep up to date on the latest releases and patches for your operating systems and critical programs. These releases are frequently security related. With some operating systems, you can turn on automatic updates. If you don’t know how to do so, check with your operating system manufacturer. 
  5. Do not respond to emails asking for account, password, banking, or credit card information. 
  6. Do not open up an attachment that claims to be a software update. We will not send any software updates via email. 
  7. Do not respond to text messages or voicemails that ask you to call a number and enter your account number and pin. 
  8. Make sure you have strong passwords on your computer and your account and/or payroll file.
© VVA-Wisconsin State Council 2012-2017          Webmaster: J Mullarkey          Website problems click here.     Sitemap