Phishing: Identity Theft on the Internet


Phishing e-mail is very common on the Internet, but a surprising number of people don't know what it is or what to do about it. Any business that lets you shop or make payments on-line is a potential phish mask (you are the target). Banks, credit unions, eBay and PayPal have been frequent masks. Citibank in particular is the mask for hundreds of these attacks -- not every year but every month.

Here's a phish e-mail and how to find its warning signs:

 

The first clue is that you got the e-mail at all. PayPal doesn't have a "Department of PayPal". This e-mail came to the address of an employee who had left the company several years earlier, so it had to be a fake. Most important, notice the e-mail link in the message itself.

ANY LEGITIMATE BUSINESS WILL TELL YOU TO LOG IN THROUGH YOUR OWN LINK TO THEIR SITE. THEY WILL NOT HAVE YOU LOG IN FROM A LINK IN AN E-MAIL.

There are several other clues. The "Dear" line doesn't even have a member's name, but a real PayPal e-mail, directed to a particular account, would have it. Very often, the phish e-mail will also have dire threats about suspending or even closing your account.

This one uses an effective "hook" by saying that someone from a foreign IP has accessed the account. Most people with on-line accounts are very aware of the dangers of having their accounts hacked and this will make them want to check it out. And this e-mail even has a warning about not giving out your information from an e-mail! I followed this e-mail to see what would happen -- please just delete yours! Following a phish link is potentially dangerous!

It's a little hard to see, but the address the link went to is different from the legitimate-looking address that shows up in the e-mail itself. The page uses copyrighted material from PayPal's own website, so it has a very authentic look and feel. But the address is a clear giveaway. For one thing, it uses HTTP rather than HTTPS, the more secure protocol that PayPal uses for its log-in page.
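The warning signs described so far (a "Dear" line with no member name, a link whose real target differs from the address shown in the message, and a plain HTTP target) can be checked automatically. The following Python code is an added example, not part of the original article; the sample message, the host login.example.net, the greeting pattern and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Greeting with no member name (pattern is an assumption made for this example).
GENERIC_GREETING = re.compile(r"Dear\s+(?:PayPal\s+)?(?:member|customer|user)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:      # only keep text that sits inside a link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Return the host if the visible link text itself looks like an address."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None                     # ordinary words such as "Click here"
    return urlparse(text if "://" in text else "//" + text).hostname

def check_email(html):
    """Return a list of warning signs found in an HTML e-mail body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = urlparse(href), host_of(text)
        if shown and target.hostname and shown != target.hostname:
            findings.append(("link-mismatch", shown, target.hostname))
        if target.scheme == "http":
            findings.append(("no-https", href))
    if GENERIC_GREETING.search(html):
        findings.append(("generic-greeting",))
    return findings

# Constructed sample message; login.example.net is a placeholder host.
SAMPLE = ('<p>Dear PayPal Member,</p><p>Someone from a foreign IP accessed your account.</p>'
          '<a href="http://login.example.net/paypal/">https://www.paypal.com/login</a>')
if __name__ == "__main__":
    print(check_email(SAMPLE))
```

The host comparison is exact, so a message that shows paypal.com but links to www.paypal.com is also flagged and needs a human look.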

Notice the log-in page. The hackers have made the address bar look legitimate, but it isn't. I used a fake log-in and a phony password. The real PayPal site would, of course, tell me that my log-in failed. Watch what this one does:

Notice that the page address is the same as the previous page -- a valid website would show you the path down to the page you're viewing. And now we get to the payoff: they want my credit or debit card information. They even want my PIN, something that PayPal and other on-line commerce sites don't use.

Another Phishing Lure

Recently we've seen a spate of bogus e-mail about orders you haven't placed. These often say they are "confirming" an order with a high price tag. Of course you never placed the order. The link that will let you "cancel the order" is just another hook to try for your credit information. This hook has also been associated with a piece of malware called "InfoStealer". In this case, the order details are supposedly in a ZIP file attached to the e-mail. When the victim opens the attachment, the InfoStealer Trojan Horse loads and starts trying to steal valuable information.

It's hard to know how many people are being trapped by phish attacks like this. Industry estimates run from 1 million to 2 million a year in the United States. When you get them -- and you will get them -- just delete them. Never use a log-in page that was part of an e-mail with a link. Instead, set up your own "Favorite" to the log-in pages of the businesses you deal with.

Internet Explorer 7.0

Internet Explorer 7.0 has a new feature that looks very good. When you install IE7, it asks if you want to turn on the Phishing Filter. The Phishing Filter will notify you if you are browsing to a website that Microsoft has identified as suspicious. You can look under the Tools menu in IE7 for the Phishing Filter controls, and you can also report a suspect Phishing site this way.

Spam Blocking

Since all phish are also spam, a good spam blocker will keep a lot of phish out of your inbox. SpamBayes is a leading blocker and you can look for it here: http://spambayes.sourceforge.net/windows.html.

Entré Technology Services, LLC