Firefox, Chrome, and other browsers have had anti-fishing mechanism for a couple of years. These browsers prevent users from going to know phishing sites unless each site is specifically approved. Crackers have found a method to bypass browser security by using email.

In the past emails had a link to a site that stole your information. The site would have a URL that was an easily overlooked misspelling of a common and well known institution (e.g., https://myaccount.backamerika.com/). You would then be asked to enter your account number and password and you were done (in more ways than one). The malicious site had your name, email address (because you clicked on their link), account number, and password. You were redirected to the legitimate site with a message that your login did not work.

Now you will receive an HTML form in your email. You don't click on a link, but just submit the form in whatever email program you use. You are requested to fill out the form and submit it. The browser never detects that the information is being submitted to a malicious site for a variety of reasons. Sites that work like this have been operating for at least several months.

How to Avoid

To avoid getting phished, do NOT fill out any form in an email. You don't really know where the information is going. If you think there is a reason to check on your account, type the institution's web address into your browser. Be very careful of the auto-complete capability of the browser.

How to Recover

If you believe that you have provided account information to someone who should not have it, immediately call the bank or institution. Most all of them have a service line available 24 hours per day. Tell them what happened. The person from the call center should help you through protecting your account.