Sunday, January 31st, 2010 (2 comments)
Phishing is an extension of an old scam where someone would call you pretending to be from your bank or the hospital and try to scare you into giving them information.
"Mrs. So-and-so, I'm Bill from the bank. Your account has been emptied and we're concerned that it wasn't actually you who did it. We can replace the funds, but we'll need to verify your identity. Please tell me your name, address, phone number, social security number, mother's maiden name, blood type, the time and duration of your last period (etc. etc.)."
Here are some of the various types of phishing and what to do about them:
Account Phishing
Say a bad guy gets an e-mail from his bank warning of scams going around and to be careful not to fall for them. By copying the letter and just changing the end to list a link "for more information", he can easily have a very authentic looking e-mail to mass-distribute and hopefully con people with.
Regardless of the form of the e-mail, the content tends to be very similar. Something's wrong with your account and you better log in quickly to find out what it is. The problem is that if you follow the link, the site you go to might look exactly like the real site, but it's actually a fake under the control of the bad guy.
Once you enter your name and password, you'll be redirected to the real site and will probably never realize that you just handed someone your login name and password. So when they told you that your account was empty, they were lying, but because you fell for their trick, soon it will be.
Prevention
The simple solution is to never follow any link from an e-mail that claims to have come from your bank, your social sites, or anywhere else you have an account. Instead, open a browser window and go to that site or service directly (but make sure to use my search engine trick if you don't have it bookmarked). If the information in the e-mail about your "account being suspended" or whatever is true, you'll be able to find out by logging in normally or just calling the company.
The same goes if they want you to download an attachment, call a phone number, or make security changes to your computer. All of these can hurt you and help them if you don't verify the information before acting!
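The warning signs described above (a link whose visible text says one thing while its real target is somewhere else, or a hostname that merely contains the bank's name) can be checked mechanically. Below is an added example, not code from the original post, that pulls every link out of an e-mail body and flags the ones that do not belong to the bank's real domain. The trusted domain `examplebank.com`, the helper names and the sample message are all constructed for the illustration; it goes slightly beyond the text by distinguishing three separate signals (off-domain host, lookalike host, and visible URL that differs from the real target).

```python
# Added example (not from the original post): flag links in an e-mail body
# whose real target does not belong to the sender's genuine domain.
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently being read, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    """Return [(visible text, href), ...] in document order."""
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def _host(value):
    """Lowercased hostname of a URL (or URL-looking text), '' if it has none."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _looks_like_url(text):
    # Visible text such as "www.examplebank.com/verify" is the case phishers
    # exploit: the reader sees a familiar address, the browser goes elsewhere.
    return "." in text and " " not in text


def _belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)


def suspicious_links(html, trusted_domain):
    """Return (text, href, reason) for each web link not on trusted_domain."""
    findings = []
    brand = trusted_domain.split(".")[0]   # e.g. "examplebank"
    for text, href in extract_links(html):
        if urlparse(href).scheme not in ("http", "https"):
            continue                        # mailto:, tel:, etc. not judged here
        target = _host(href)
        if _belongs_to(target, trusted_domain):
            continue                        # genuine link, nothing to report
        shown = _host(text) if _looks_like_url(text) else ""
        if shown and shown != target:
            reason = "visible URL differs from real target"
        elif brand in target:
            reason = "lookalike host"       # brand name buried in a foreign host
        else:
            reason = "off-domain host"
        findings.append((text, href, reason))
    return findings


# Constructed sample message in the style the post describes (not a real e-mail).
SAMPLE_EMAIL = """
<p>Dear customer, your Example Bank account has been suspended.</p>
<p>Please <a href="http://examplebank.com.account-check.example/login">log in now</a>
to restore access, or visit
<a href="http://198.51.100.23/verify">www.examplebank.com/verify</a>.</p>
<p>Questions? See <a href="https://www.examplebank.com/help">our help page</a>.</p>
"""

if __name__ == "__main__":
    for text, href, reason in suspicious_links(SAMPLE_EMAIL, "examplebank.com"):
        print(f"{reason}: '{text}' -> {href}")
```

Run against the sample, the first two links are reported (a lookalike host and a visible address that does not match its target) while the genuine help link is left alone. The check is deliberately conservative: anything on a subdomain of the trusted domain passes, so it complements rather than replaces the advice above to type the address yourself.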
Spear Phishing
It's pretty easy to ignore an e-mail from a bank you don't even bank with. But what if the fake e-mail used your actual bank and addressed you by name? They might even refer to a recent communication you had with a real bank representative. Most people are far more likely to fall for a con that starts with authentic information.
Prevention
There are many ways bad guys can get that kind of data and you should do your best to prevent that, but the simple solution is the same as before:
When an e-mail asks you to call a number, follow a link, download a tool or attachment, or take any similar action, validate the message before acting on it!
Is it possible to make some kind of phishing security where you have to be IP-recognized, so that all websites should ask for permission to become a real website?
It definitely is possible, though that would require cooperation between certain large companies and the mail systems. However, I've already seen some of this in Hotmail, but I stopped tracking it when Hotmail started getting worse and worse with every update. Stupid Hotmail.