Yes, it's THAT book!

Drop your email here to stay informed of the status of my "tell most" book about the National Security Agency:

--OR--

Read a little about the book here:

Employees are allies, not the adversary

--OR--

Check out the Kickstarter here (click)
How can I help you?
Contact Jeremy
Recommendations

Here's something that


I, Jeremy Duffy, actually recommend and think is worth checking out.
No web-bugs, no bs, just a legit recommmendation that I have personally evaluated before allowing it to be listed here:

Think something's here that shouldn't be? contact me!

Phishing

Phishing is an extension of an old scam where someone would call you pretending to be from your bank or the hospital and try to scare you into giving them information.

"Mrs. So-and-so, I'm Bill from the bank. Your account has been emptied and we're concerned that it wasn't actually you who did it. We can replace the funds, but we'll need to verify your identity. Please tell me your name, address, phone number, social security number, mother's maiden name, blood type, the time and duration of your last period (etc. etc.).

Here are some of the various types of phishing and what to do about them:

Account Phishing

Say a bad guy gets an e-mail from his bank warning of scams going around and to be careful not to fall for them. By copying the letter and just changing the end to list a link "for more information", he can easily have a very authentic looking e-mail to mass-distribute and hopefully con people with.

A fake e-mail...
...that leads to a fake website

Regardless of the form of the e-mail, the content tends to be very similar. Something's wrong with your account and you better log in quickly to find out what it is. The problem is that if you follow the link, the site you go to might look exactly like the real site, but it's actually a fake under the control of the bad guy.

Once you enter your name and password, you'll be redirected to the real site and will probably never realize that you just handed someone your login name and password. So when they told you that your account was empty, they were lying, but because you fell for their trick, soon it will be.

A phishing e-mail that's trying to get you to open an attachment. Don't fall for it!

Prevention

The simple solution is to never follow any link from an e-mail that claims to have come from your bank, your social sites, or anywhere else you have an account. Instead, open a browser window and go to that site or service directly (but make sure to use my search engine trick if you don't have it bookmarked). If the information in the e-mail about your "account being suspended" or whatever is true, you'll be able to find out by logging in normally or just calling the company.

The same goes if they want you to download an attachment, call a phone number, or make security changes to your computer. All of these can hurt you and help them if you don't verify the information before acting!

Spear Phishing

It's pretty easy to ignore an e-mail from a bank you don't even bank with. But what if the fake e-mail used your actual bank and addressed you by name? They might even refer to a recent communication you had with a real bank representative. Most people are far more likely to fall for a con that starts with authentic information.

Prevention

There are many ways bad guys can get that kind of data and you should do your best to prevent that, but the simple solution is the same as before:

When asked to call a number, follow a link, download a tool or attachment, or any other similar activity in an e-mail, just validate the message before acting on it!
email Tutorial
prev: E-mail Viruses|INDEX|next: Nigerian Scam

E-mail Dangers

Until we find out who the people are who actually buy things from spammers and kick them off the Internet, you're going to have to learn how to deal with and prevent spam.
E-mail Viruses - Learn how viruses are spread through e-mail and how to stop them
Phishing - Spot and avoid lures that pull you into the dark side of the web
Don't be one of those people that loses thousands of dollars to the classic Nigerian Scam.

E-mail Etiquette

Use CC only when necessary and BCC the rest of the time.
Use Reply-All when you mean to and never when you don't.
Practice proper E-mail Forwarding to protect privacy and make e-mails more readable.
Always personalize your e-mails to make it obvious to your recipient that it's valid.

E-mail Tips and Tricks

Using E-Mail Aliases Properly - Be careful about using sensitive data (like your real name) in an e-mail account.
Remember to treat your e-mail account with the security it deserves.
Use a decoy e-mail account to keep your main e-mail account free of spam.
Avoid using any Internet provider's default e-mail.

Share This

Have a Comment or Question?

2 Comments to “Phishing”

» Comments RSS Feed

is it possible to make som kind of phishing security, where u have to be ip-recognized. so that all web-sites should ask for permission to become a real web-site?

    It definitely is possible though that would require cooperation between certain large companies and the mail systems. However, I’ve already seen some of this in Hotmail, but I stopped tracking it when Hotmail started getting worse and worse with every update. Stupid Hotmail.

Loading...

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

seminar destroy Tutorial
|INDEX|next: The Consequences of Posting Online
Online Addiction: From gambling to surfing and online gaming, people can destroy themselves and others with online addiction.
Posting Online: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Protecting Photos: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Getting Tricked: You WERE doing fine... until someone convinced you to install a virus or give away your passwords. Don't fall for it!
Account Hijacking: One of the most common security risks today is people getting their accounts taken over and then used to trick their friends and family.
Trusting Webservices: An online service promises they'll 'Never abuse or misuse your data' and you believe them? Think again.

... or check out any of my other guides and tutorials by clicking here!

Preventing Spam

Spam is annoying and worthless, but you still see it every single day. Here are some tips for preventing and reducing spam.

[Click for full description]

E-mail Viruses

Make sure that viruses don't sneak onto your computer through your e-mails. Read some simple tips to prevent that from happening.

[Click for full description]

Phishing

By far the most dangerous thing you'll find in e-mails is a lie. Sending a bogus e-mail to someone is generally called phishing, but can also be referred to as a Nigerian scam (depending on the goal of the e-mail). Learn to recognize and deal with phishing before it's too late.

[Click for full description]

Nigerian Scam

Many people have lost thousands and even hundreds of thousands of dollars to the classic Nigerian Scam. Don't fall for it!

[Click for full description]

How to Use "CC" Properly

Don't violate people's privacy and invite spam into their accounts by CC'ing all your contacts. Learn the proper way to send mass e-mails first.

[Click for full description]

Reply-All

It's easy to embarass yourself or harm your career when you don't know how to use Reply-All appropriately.

[Click for full description]

How to Forward E-mails Properly

Don't forward e-mails carelessly or you risk looking foolish as best and violating the privacy of all your contacts at worst.

[Click for full description]

Personalize E-mail

Follow this simple rule of e-mail etiquette to help prevent your friends and family from falling for phishing scams.

[Click for full description]

Using E-Mail Aliases Properly

It can be hard to find a good name to use in an e-mail account that hasn't been used and doesn't give away too much information about you.

[Click for full description]

Protecting E-mail Passwords

Your e-mail account is the most important online account you have. Remember to treat it as such!.

[Click for full description]

Using a Decoy E-Mail Account

Why it's very important to use a buffer e-mail account to shield your main account from people and companies that you don't trust.

[Click for full description]

The ISP E-mail Trap

Don't fall for the trap of using the free e-mail account provided to you by your Internet service!

[Click for full description]

Online Addiction

Concerned about online addiction? You should be. Learn the types, the signs, and the preventions.

[Click for full description]

The Consequences of Posting Online

It's fun to post online. What you think, what you feel. But words typed and posted on the Internet can come back to bite you more than anything you could say with your mouth.

[Click for full description]

Photo Safety

You can reveal far more than you intended when you post a photo online. Don't make a critical mistake and check your photos before they're online.

[Click for full description]

Tricks and Scams

Just because you won't willing give up data doesn't mean that I can't trick you out of it. Don't fall for these well known tricks!

[Click for full description]

Account Hijacking

One of the newest threats we face is the risk of someone getting control of your online account and using it against you and the people you know. Do everything you can to prevent that from happening!

[Click for full description]

Trusting Companies

Store, online or off, are not known for being fair and helpful unless it benefits them to be so. Good deals exist, but many are bad deals in disguise. It's not in your best interests to be too trusting with any of them.

[Click for full description]