They're
Phishing with Stink-Bait: Don't Get Hooked
by Trevor Zion Bauknight
Phishing has gotten out
of control on the Internet; and unfortunately, it has nothing to do with following
a great Vermont band around the country aboard a VW Bus. What
is phishing? It is a relatively new phenomenon in the world of Internet scams,
and it involves the sending of e-mail "alerts" which appear to have
originated at places like eBay, PayPal, banks and other institutions with which
you may have online accounts. These fraudulent alerts warn you that your information
needs to be updated or verified for some reason and they include a link which
looks like a legitimate link where you might update account information or what-have-you.
And this isn't an isolated phenomenon...I get dozens of these every day working
here at cafeid.com. The
funny thing is that when you have the status bar at the bottom of your web browser
visible and you hold your pointer over the link, you can usually see where it
will really take you if you click it; and typically, this is a totally unrelated
domain (often only a numeric IP address shows) run by a scammer out to collect
your personal information. Many people don't notice these details while browsing,
and it has been reported that up to 5% of the "phished" fall victim
to the scam.
Your online
identity is a valuable thing, and is becoming more valuable as more
and more day-to-day activities take place on the Web. People are
paying bills online, making travel plans online and even communicating
their most private, personal feelings online. Anyone who can steal
your online identity (or, more accurately, in this case, con you
into giving it to him) can, for all intents and purposes, *become
you* in order to carry out all kinds of nefarious activities.
Here
are some easy-to-remember ways to avoid the hook: 1)
Keep in mind that legitimate companies don't operate this way. No matter how shiny
the bait, no company (and certainly no bank!) is going to use this method for
this purpose. E-mail is not a secure or 100% reliable means of communication,
and they know this. Just as Microsoft doesn't send out software patches by e-mail,
financial companies don't send out mail bearing fake links for you to follow. 2)
Keep your browser window's status bar visible...glancing at it before you click
a link will very often show you the destination URL without your having to click
and wind up in pop-up hell or some other questionable corner of the 'Net. This
setting is usually changed somewhere under the browser's View menu. 3)
Keep a close eye on your online accounts regularly. You should periodically check
in with your eBay, PayPal and other such accounts if for no other reason than
to change the password. If you change your password regularly, an e-mail feverishly
telling you that your account may have been compromised will be even more obviously
fake than otherwise, and you can laugh at the pitiful scammers as you drag the
message to the Trash. Checking your accounts manually will also give you the opportunity
to see what the latest news may be straight from the horse's mouth. 4)
Whatever you do, don't send personal information via e-mail to anyone you wouldn't
trust acting as you. If you think you may need to check the status of your eBay
account, for example, don't respond to an e-mail asking you to do so; but, rather,
login from the top-level eBay site and navigate to your account. Scammers are
adept at setting up the fake link-target to look just like the corresponding legitimate
page. 5) Keep
your anti-virus and anti-spyware softare up-to-date and active. This is a good
general policy that will help keep your computer free of harmful viruses and spyware.
Some phishing e-mails include attachments meant to run automatically because of
poorly-configured e-mail software or for you to run manually when you're convinced
by the fake e-mail that you should. 6)
You should configure Windows to show filename extensions at all times so that
you can see when an attachment that looks like nice.jpg is really nice.jpg.vbs,
a Visual Basic script that can cause untold headaches. Also, make sure your e-mail
software isn't doing anything crazy with attachments like downloading them automatically.
Opening attachments you're not expecting is generally a bad idea anyway. If
you're concerned that you may already be a victim of a phishing scam, you should
review all your online accounts for unusual activity as well as your offline accounts
with banks, credit cards, etc. Any unusual delay in receiving statements should
raise a flag. You should also file a complaint with the Federal Trade Commission
at http://www.ftc.gov. The FTC maintains a good source of information on e-mail
and Internet scams at http://www.ftc.gov/spam. Forward
copies of phishing e-mails you receive to spam@uce.gov with headers intact so
that they can examine the source of this garbage. Maintaining
an up-to-date computer and a vigilant attitude while browsing will keep your Online
Identity in your hands and, with any luck, phishing will go back to being primarily
something done by nomadic hippies. Visit
Our market is
International,
in Ontario including
the Muskoka area (Bracebridge,
Huntsville, Gravenhurst,
Port Carling,
Parry Sound,
Haliburton,
Minden) Simcoe
County (Orillia,
Barrie, Collingwood,
Wasaga Beach,
Midland, Bradford, Innisfil, New
Tecumseth, and Penetanguishene),
North Bay,
Thunder Bay, Sudbury,
Sault Ste Marie,
The Town of Blue Mountains,
The Kawarthas, Peterborough,
Guelph, Kitchener,
St. Catharines,
Grey County, Owen Sound,
Timmins, Elliot
Lake and Toronto.
It doesn't matter where you are Ontario,
the Maritimes, the Prairies,
Victoria BC
and Vancouver,
British Columbia,
Canada,
USA, Europe
or the World
- we will service your Internet needs and we will help you succeed
on the net.
|
