I consider myself to be a careful computer user. I have do not remember ever catching a trojan or virus in at least the last seven years. I carefully surf the web on any of my production computers. Well, I got caught in a simple and easily-contrived phishing scam recently.
An email arrived indicating that the credit card used in my Yahoo pay-per-click advertising account was about to expire. I knew this event was going to happen soon, so I clicked the link and entered my user name and password in the very official Yahoo Marketing login page. The remainder of the process was odd, though. I was not taken to a page with my credit or account information. I chalked it up to a web oddity and made a note to check it out later.
Well later did not come soon enough. When I went back to log into Yahoo I was unable to do so. It all came together in my head – I had been scammed. A call to customer support at Yahoo quickly resolved the issue. The culprit had charged $500 to my credit card and proceeded to setup his keywords and such. Yahoo refunded the $500 and restored my account in just a couple of hours.
How to you prevent this. I now have a habit of not opening any notice directly from an email. I will open a link if a friend sends me a Youtube video or such, but I do not click on a link if it involves my bank, credit card, or any account with monetary value. If any link leads to a login page or any form that asks a personal question then I just close the browser.
Obviously we need to follow up on certain notices, though. The best method is to open a browser and enter the usual address that we use to access the service. Then look in the area of interest pointed out in the email.
This brings up a another valuable point. DO NOT use the same password for every web site. Using a unique password for each web site will minimize your exposure if you do get caught in a phishing scam. I do use the same password for non consequential web sites, but I use a different password for each and every financially related web site. I will follow up with more information about how to manage passwords easily and safely.