"The ICON" Online Newsletter
THE ICON SEPTEMBER 2004 EDITION
 


PREZ SEZ
FOCUS ON SECURITY: NO PHISHING!!!

by Mary Phillips
 

The Walt Disney animation movie Spirit is about a wild, young stallion that won't be tamed. In one scene some soldiers at a fort are trying to break him to ride, but he's bucking everybody off, and there's a song being sung about his thoughts: "Get Offa' My Back!" Well, I want the spammers, scammers, and hackers to "Stay Outta' My Pond (Computer)".

An article in the January 19, 2004 Computerworld explains that the word "phishing" was coined in the sixties by hackers stealing AOL accounts and passwords. By analogy with the sport of angling, these Internet scammers were using email lures, setting out hooks to "fish" for passwords and financial data from the "sea" of Internet users. By 1996, hacked accounts were called phish, and by 1997, phish were traded among hackers as a form of currency--routinely, 10 working AOL phish were traded for a piece of hacking software.

Today, online criminals are phishing for people's financial information, using spam and pop-up messages to deceive individuals into providing credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information that leads to identity theft. According to the Federal Trade Commission and ICON's own experts, phishers send an email or pop-up message that claims to be from a trustworthy business or organization with which you do business--your Internet service provider, your online banking services, an auction site you use, or even a government agency. These lures contain links to fake, look-alike webpages where you are instructed to enter the information for which the thieves are phishing.

Following are nine suggestions to use for your own protection:

  1. If you are contacted to "verify" an account, do not reply by email--contact the company directly by a phone number you know to be genuine or type in the webpage address you know to be correct. Don't rely on the URL in the address bar of the web browser because that can be faked as well.

  2. Be very careful about a webpage address that contains an @ symbol, such as http://www.google.com@members.tripod.com. The computer will attempt to connect as a user "www.google.com" to the server "members.tripod.com". Even though there is no user named www.google.com, the computer would link to members.tripod.com.

  3. If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don't ask for this information via email because email is not a secure method of transmitting information.

  4. If you initiate a transaction to buy something online and need to provide credit card information, etc., look for indicators that the site is secure--a lock icon in the browser's status bar or a URL address that begins "https"--the "s" stands for secure. Information provided to a secure website is encrypted or scrambled so it can't be read by a web lurker.

  5. Review credit card and bank account statements as soon as you receive them to determine if there are any unauthorized charges. If your statement is late by more than a couple of days, call the company to verify your billing address and account balances.

  6. Protective software.

    a. Keep your anti-virus software up to date with the LiveUpdate link--some phishing emails contain dangerous attachments.

    b. Download AdAware from the Lavasoft website: http://www.lavasoftusa.com/, keep it updated, and run it frequently to remove malware and tracking programs--these programs send information from your computer to someone who wants to know which websites you frequent and what programs you use.

    c. Download Spybot Search & Destroy from http://www.pcworld.com/downloads/ to search out spyware and adbots that give you pop-up ads. I'm giving you two legitimate addresses, because there are fake sites that download programs like the ones we're trying to get rid of.

    d. If you have a broadband or high speed connection, it's imperative that you have a firewall to block communications from unauthorized persons/programs attempting to take control of your computer.

    MailFrontier at http://www.mailfrontier.com/ has a Test Your Phishing IQ quiz with examples from Microsoft, PayPal, eBay, US Bank, Earthlink, Citibank, and Visa. (Online Editor's Note: Scroll down to Spotlight box on bottom right of page for test link.) You are challenged to identify whether these are legitimate or fraudulent.

  7. Keep your Windows operating system updated with "patches" provided by Microsoft at http://v5.windowsupdate.Microsoft.com/ to fix vulnerable places in the program that hackers or phishers could use.

  8. Be cautious about opening any email attachments regardless of whom they appear to be from.

  9. Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you've been scammed, file your complaint at www.ftc.gov or call toll-free, 1-877-382-4557, and then visit the FTC Identity Theft Web site at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft.
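To make suggestion 2 concrete, here is an added example (not part of the original newsletter) that scans a message for links with text before an @ sign and reports which server each one really connects to. The sample message and the function names are constructed for illustration; the first link is the article's own example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample message; the first link is the article's own example.
SAMPLE_MESSAGE = """\
Dear customer, please verify your account at
http://www.google.com@members.tripod.com/login.
Questions? See https://www.example.com/contact?to=help@example.com
or https://www.ftc.gov/.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
HOSTLIKE_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def split_authority(url):
    """Return (userinfo, host); userinfo is None when the URL has none."""
    parts = urlsplit(url)
    # Only an '@' inside the authority (netloc) separates userinfo from host;
    # an '@' in the path or query string is ordinary data.
    userinfo, at, _ = parts.netloc.rpartition("@")
    return (userinfo if at else None), (parts.hostname or "")


def find_userinfo_links(message):
    """List links whose text before '@' could be mistaken for the site name."""
    findings = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation after the link
        userinfo, host = split_authority(url)
        if userinfo is None:
            continue
        name = userinfo.split(":", 1)[0]  # ignore any ":password" part
        findings.append({
            "url": url,
            "decoy": name,
            "connects_to": host,
            "decoy_looks_like_host": HOSTLIKE_RE.fullmatch(name) is not None,
        })
    return findings


if __name__ == "__main__":
    for f in find_userinfo_links(SAMPLE_MESSAGE):
        print(f"{f['url']}\n  shows: {f['decoy']}\n  connects to: {f['connects_to']}")
```

The link with an @ in its query string is not reported, because only an @ in the server part of the address changes where the browser connects.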

Stay safe and I hope to see you at the next meeting,

Mary Phillips,
President


    Copyright © 2002-2003 Interactive Computer Owners Network All Rights Reserved