Tuesday, August 30, 2005


There is an article in the Wall Street Journal warning people about phishing and telling them how not to be a victim of it.  So, what is phishing, you ask?  It's a request for personal information which appears to come from a valid source, but which comes from a bad guy wishing to steal your identity and/or money.  It's like fishing.  The bad guy casts out baited email into the river of email recipients.  He gets some bites from ignorant and/or stupid people who respond by giving him the information he asks for.

I'm not sure how much education can stop people from biting the bait.  The stupidity of the general public cannot be....  Anyway, here are the hints from the WSJ.

Don't respond to e-mails asking for personal or financial information -- passwords, account numbers, Social Security numbers, and the like.

Don't click on links in emails from financial institutions and other organizations that have your personal information, and don't paste those links into your browser.

Don't taunt phishers by following their links and giving them false information -- a visit to a fake site can trigger a "drive-by download" of crimeware.

Don't download or open files attached to emails purporting to be from financial institutions, eBay, PayPal, and the like.

Don't trust phone numbers in emails. These can be faked, too.

Basically, if email from a financial institution or organization that has your personal information does anything other than inform, don't trust it. We hate to say that, because such email communications are supposed to make life easier. But until basic flaws with email and the Web are fixed, it's not worth the risk.

Enough don'ts.

What should you do?

If you think a communication requiring you to take action might be legitimate, type in the organization's Web address yourself from a new browser or call. Again, don't copy the Web address from the email or trust a phone number supplied by it.

Send emails you think might be phishing to reportphishing@antiphishing.org and to the organization mentioned in the phishing email. Most organizations also offer an email address, such as spoof@ebay.com, that you can write to.

Make sure your Internet connection is protected by a firewall, your PC is protected by antivirus software, and run antispyware software periodically to check for malicious programs on your machine.

For more information and tips, see the following sites:

The Federal Trade Commission's consumer alert on phishing, which includes information about what to do if you are scammed.

The Anti-Phishing Working Group's tips for spotting phishes. The group also has tips for what to do next.

Microsoft's tips on preventing phishing;

Tips from the Washington Post;

Take Mailfrontier's quiz and see if you can separate the phishes from the legitimate email communications. Most importantly, read their tips. You'll probably wind up hopelessly paranoid about links in email. That's good.
