Beware the Heartbleed phishermen

How to avoid scams capitalizing on security-bug fears

The Heartbleed security-bug debacle, which has ensnared thousands of companies that use the Web, has affected online businesses privately sending data to and from Internet servers.

Because of the security threat, online users may get bombarded with emails requesting changes to passwords and other security measures to ensure that accounts are protected.

Don't bite.

Zmeel Photography | E+ | Getty Images

Just a few days ago I received an email that appeared to be from the online presentation software company Prezi. The email stated that the firm wanted to "assure you that Prezi took immediate and proactive steps to patch this security hole." In addition, it strongly suggested I change my password, using the instructions that were hyperlinked in the email.

I didn't bite, and deleted the email. After I received a call from Prezi representatives, however, I resurrected the email from my trash folder and discovered it was, in fact, a legitimate communication. This emphasizes the difficulty in discerning genuine communications from fake ones.

Given the relative hysteria, many unsuspecting Internet users may inadvertently succumb to email phishing attacks that use the Heartbleed bug as bait.

Read MoreWhat you don't know about insurance

Phishing is the act of attempting to acquire information — such as user names, passwords, credit card numbers, Social Security numbers and other sensitive information — by imitating a trustworthy entity in an email.

The "hooked" Internet user may be linked to a page that looks and acts like a legitimate corporate Internet home page when, in fact, it's just a façade to capture sensitive information that could be used to facilitate identify theft.

It may be only a matter of time before reports of Heartbleed phishing attacks related to bank accounts, brokerage companies, credit card companies and other financial institutions become more prevalent.

Untitled Document

Sign Up for Our Newsletter Your Wealth

Weekly advice on managing your money
Get this delivered to your inbox, and more info about about our products and services.
By signing up for newsletters, you are agreeing to our Terms of Use and Privacy Policy.

5 tips to avoid getting hooked

As a financial professional, I have come up with 5 tips to pass along to my clients to confound online "phisherman":

1. Never rely on a hyperlink in an email to send you directly to an Internet page. When in doubt, open up a new browser window and either type in the URL you are looking for or perform an Internet search.

2. Never reply to an email that is requesting sensitive information. Sensitive information, such as passwords and user names, should always be handled directly on a vetted website or over a personally initiated phone call.

3. When in doubt, check it out. Even though the sender's name or company name in an email may appear legitimate, close scrutiny is highly recommended before responding in any manner.

4. Guard against spam. Phisherman have an uncanny ability to get people to act through fear-based messaging. A good spam filter should be able to catch unwelcome emails. However, as a golden rule, trust but verify.

5. Continuously check your online accounts and bank statements. Also, obtain one free credit report at every four months to give you a year's worth of credit monitoring at no cost.

Read MoreKeep future Medicare costs in mind

The heightened fear surrounding Heartbleed may have created the panic that phishermen are using to prey upon and exploit unsuspecting Internet users. But don't allow that fear to cloud your common sense when it comes to your own financial safety and security.

The Heartbleed bug has created enough vulnerability on the Internet; don't let a lapse in judgment add to it.

Ed Gjertsen is a certified financial planner and vice president of Mack Investment Securities.