Thursday, June 19, 2008

~Phishing~

Phishing isn't really new -- it's a type of scam that has been around for years and in fact predates computers. Malicious crackers did it over the phone for years and called it social engineering. What is new is its contemporary delivery vehicle -- spam and faked Web pages.

Phishing (sometimes called carding or brand spoofing) uses e-mail messages that purport to come from legitimate businesses that one might have dealings with -- banks such as Citibank; online organizations such as eBay and PayPal; Internet service providers such as AOL, MSN, Yahoo and EarthLink; online retailers such as Best Buy; and insurance agencies. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages.
Here's an example of how phishing works. On Nov. 17, 2003, many eBay Inc. customers received e-mail notifications that their accounts had been compromised and were being restricted. In the message was a hyperlink to what appeared to be an eBay Web page where they could re-register. The top of the page looked just like eBay's home page and incorporated all the eBay internal links. To re-register, the customers were told, they had to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and their mother's maiden name. The problem was, eBay hadn't sent the original e-mail, and the Web page didn't belong to eBay -- it was a prime example of phishing.



  • Be suspicious of any email with urgent requests for personal financial information
  • Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle
  • Avoid filling out forms in email messages that ask for personal financial information
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
  • Remember that not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
  • Regularly log into your online accounts -- don't leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
  • Ensure that your browser is up to date and that security patches are applied
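
The "look at the address line" and toolbar tips above can be made concrete with a small check. This is an added example, not part of the original post: the blocklist entries, the brand-to-domain map and the function names are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumptions): a tiny blocklist of known phishing
# hosts and a map from brand names to the domain each brand really uses.
BLOCKLIST = {"ebay-reregister.example", "secure-login.example"}
BRAND_DOMAINS = {"ebay": "ebay.com", "paypal": "paypal.com"}


def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_url(url):
    """Return a list of warnings for a link, the way a toolbar check might."""
    parts = urlsplit(url)
    # .hostname is the host actually contacted; it excludes any "user@" prefix.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ["no-hostname"]

    warnings = []
    if any(in_domain(host, bad) for bad in BLOCKLIST):
        warnings.append("blocklisted")
    if parts.scheme != "https":
        warnings.append("not-https")
    # Text before "@" is not the site; it can make a link look legitimate.
    if parts.username is not None:
        warnings.append("userinfo-in-url")
    # A brand name in the host means nothing unless the host really sits
    # under that brand's own domain.
    for brand, domain in BRAND_DOMAINS.items():
        if brand in host and not in_domain(host, domain):
            warnings.append(f"mentions-{brand}-but-not-{domain}")
    return warnings


if __name__ == "__main__":
    for sample in (  # constructed sample links
        "https://www.ebay.com/signin",
        "https://signin.ebay.com.ebay-reregister.example/update",
        "http://www.ebay.com@203.0.113.7/login",
    ):
        print(sample, "->", check_url(sample) or "no warnings")
```

The second sample uses https and still draws two warnings, which is why the lock icon alone is not enough.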
