What Is Phishing?
Phishing is a high-tech scam. The "phisher" uses spam or pop-up messages to trick you into giving out sensitive information like your passwords, credit card numbers, bank account information, or Social Security number.
Funnily enough, phishing is nothing new. It used to be known simply as identity theft and the scammers usually did it over the telephone. The scammer would call you up and pretend to be someone from the bank asking you to confirm your account information, credit card numbers, PIN numbers, or passwords. Obviously the scammer was limited by the amount of time it took to ring each person, so identity theft never really took off until the advent of email spam and websites, which made it much more profitable and therefore widespread. Unfortunately, it is now an everyday occurrence.
Here's how phishing works:
The scammer uses spam to send the phishing messages. You'll receive an email or pop-up message that looks like it's from a business or organization that you deal with – e.g. your Internet service provider (ISP), AOL, MSN, Yahoo, and Earthlink; your bank, e.g. Citibank, Westpac; your online payment service, e.g. PayPal; a government agency.
The message usually says that you need to “update” or “validate” your account information, and there's usually a threat they will do something bad if you don’t respond within a short period of time, like close your account or charge you a fine.
So, you click on the link in the email and it takes you to a website that looks just like the legitimate organization’s site, but it's a carefully constructed fake. This fake site tricks you into entering your personal information. Using this information, the scammer can then steal your identity and run up bills or commit crimes in your name.
Phishing is becoming big business. In September 2003, the US Federal Trade Commission reported that "9.9 million U.S. residents were victims of identity theft during the previous year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses."
Phew, that's a lot of people and a lot of money!
The biggest phishing scam in history occurred in November 2003, when a PayPal phishing message was sent to millions of people irrespective of whether they had a PayPal account or not. The scammers knew that there would be enough people with PayPal accounts to make it worthwhile for them.
So you probably want to know how to avoid phishing scams.
Change your attitude and behaviour towards suspicious emails and pop-up messages. Become more vigilant. If in doubt, delete it. That's why MailWasher has a 'Delete' box!
Carefully check the URLs (links to websites) within the email by using the preview pane in MailWasher. They might be links to fake websites.
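The same link check can be done by a script. This is an added example, not part of the original article or of MailWasher: it lists every link in an HTML message and flags those whose real destination differs from the address shown in the link text, is a bare IPv4 address, or hides the real host behind an '@'. The sample message, its hosts and the reason labels are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = """
<a href="https://www.paypal.com/account">www.paypal.com</a>
<a href="http://203.0.113.7/paypal/login">https://www.paypal.com/update</a>
<a href="http://www.paypal.com@paypal-secure.example/verify">Click here</a>
"""  # constructed sample message; every host and address is a placeholder
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at every <a> start tag
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return [(href, [reasons])] for links that deserve a closer look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        reasons = []
        if IPV4.match(host):
            reasons.append("ip-host")  # numeric address instead of a name
        if parts.username is not None:
            reasons.append("userinfo")  # the real host is what follows '@'
        shown = DOMAIN.search(text)
        name = re.sub(r"^www\.", "", shown.group(0).lower()) if shown else host
        if host != name and not host.endswith("." + name):
            reasons.append("text-mismatch")  # link text names another site
        if reasons:
            findings.append((href, reasons))
    return findings

if __name__ == "__main__":
    print(*suspicious_links(SAMPLE), sep="\n")
```

A link that comes back clean is not proof the message is genuine; the script only catches the mismatches it was written to look for.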
Even if it is from an institution that you use, like your bank or your ISP, telephone them to confirm that they did indeed send out a message. If the message asks you to enter confidential information about yourself, such as your password or PIN number, it is almost certainly a scam. Institutions like these almost never ask for such information over the Internet.
Don't give your account details to anyone without contacting them first by telephone and making sure the email is legitimate.
Install security software. Nowadays, you need a firewall and an antivirus as much as you need locks on your doors at home. You wouldn't go out leaving all your doors open, would you?
Some phishing emails contain software that can track your activities on the Internet without you knowing about it, so make sure you're screening your incoming mail with up-to-date antivirus software. You need antivirus software that recognizes the latest threats as well as older ones, that can fix the damage, and that updates automatically. These products are all good bets:
Panda - http://www.pandasoftware.com/
AVG - http://www.grisoft.com/
Kaspersky - http://www.kaspersky.com/
NOD32 - http://www.nod32.com/
Our own product, Benign, protects you even further by rewriting the content of every incoming email and renaming or removing any suspicious attachments. We're still running our August $1,000 prize draw on Benign, so buy your copy now and you're in with a chance to win the cash!
A firewall blocks all communications from unauthorized sources and helps make you invisible on the Internet. A firewall is especially important if you have a high-speed Internet connection. Hackers love to take over broadband machines because then they can use them to spread spam even faster!
The best firewall I've come across is Agnitum's Outpost Pro. It's easy to use if you're a beginner and if you're more advanced, it gives you lots of different options. See http://www.agnitum.com/ for details.
Finally, make sure you keep up-to-date with Microsoft's patches. The latest research shows that an unpatched Windows XP computer has a life expectancy of less than 20 minutes before it is compromised. That's less time than it takes to download the patches!
So check out Microsoft's Update page to make sure you're up-to-date.
Thanks to Nick Bolton from Firetrust for this report.