|
What Is Phishing?
Phishing is a high-tech
scam. The "phisher" uses spam or pop-up messages to trick you into
giving out sensitive information like your passwords, credit card numbers,
bank account information, or Social Security number.
Funnily enough, phishing
is nothing new. It used to be known simply as identity theft and the scammers
usually did it over the telephone. The scammer would call you up and pretend
to be someone from the bank asking you to confirm your account information,
credit card numbers, PIN numbers, or passwords. Obviously the scammer was
limited by the amount of time it took to ring each person, so identity
theft never really took off until the advent of email spam and websites,
which meant identity theft has become much more profitable and therefore
widespread. Unfortunately, it is now an everyday occurrence.
Here's how phishing works
:
The scammer uses spam to
send the phishing messages. You'll receive an email or pop-up message that
looks like it's from a business or organization that you deal with – e.g.
your Internet service provider
(ISP), AOL, MSN, Yahoo, and Earthlink
your bank e.g. Citibank,
Westpac
your online payment service
e.g. PayPal
a government agency
The message usually says
that you need to “update” or “validate” your account information, and there's
usually a threat they will do something bad if you don’t respond within
a short period of time, like close your account or charge you a fine.
So, you click on the link
in the email and it takes you to a website that looks just like the legitimate
organization’s site, but it's a carefully constructed fake. This fake site
tricks you into entering your personal information. Using this information,
the scammer can then steal your identity and run up bills or commit crimes
in your name.
Phishing is becoming big
business. In September 2003, the US Federal Trade Commission reported that
"9.9 million U.S. residents were victims of identify theft during the previous
year, costing businesses and financial institutions $48 billion and consumers
$5 billion in out-of-pocket expenses."
Phew, that's a lot of people
and a lot of money!
The biggest phishing scam
in history occurred in November 2003, when a PayPal phishing message was
sent to millions of people irrespective of whether they had a PayPal account
or not. The scammers knew that there would be enough people with PayPal
accounts to make it worthwhile for them.
So you probably want to know
how to avoid phishing scams.
Change your attitude and
behaviour towards suspicious emails and pop-up messages. Become more vigilant.
If in doubt, delete it. That's why MailWasher has a 'Delete' box!
Check carefully the URLs
(links to websites) within the email by using the preview pane in MailWasher.
They might be links to fake websites.
Even if it is from an institution
that you use, like your bank or your ISP, telephone them to confirm that
they did indeed send out a message. If the message asks you to enter confidential
information about yourself, such as your password or PIN number, it is
almost certainly a scam. Institutions like these almost never ask for such
information over the Internet.
Don't give your account
details to anyone without contacting them first by telephone and making
sure the email is legitimate.
Install security software.
Nowadays, you need a firewall and an antivirus as much as you need locks
on your doors at home. You wouldn't go out leaving all your doors open,
would you?
Some phishing emails contain
software that can track your activities on the Internet without you knowing
about it, so make sure you're screening your incoming mail with up-to-date
antivirus software. You need anti-virus software that recognizes the latest
threats as well as older ones; that can fix the damage; and that updates
automatically. These products are all good bets:
Panda - http://www.pandasoftware.com/
AVG - http://www.grisoft.com/
Kaspersky - http://www.kaspersky.com/
NOD32 - http://www.nod32.com/
Our own product, Benign,
protects you even further by rewriting the content of every incoming email
and renaming or removing any suspicious attachments. We're still running
our August $1,000 prize draw on Benign, so buy your copy now and you're
in with a chance to win the cash!
a firewall blocks all communications
from unauthorized sources and helps make you invisible on the Internet.
A firewall is especially important if you have a high-speed Internet connection.
Hackers love to take over broadband machines because then they can use
them to spread spam even faster!
The best firewall I've come
across is Agnitum's Outpost Pro.
It's easy to use if you're a beginner and if you're more advanced, it gives
you lots of different options. See http://www.agnitum.com/
for details.
Finally, make sure you keep
up-to-date with Microsoft's patches. The latest research shows that an
unpatched Windows XP computer has a life expectancy of less than 20 minutes
before it is compromised. That's less time than it takes to download the
patches!
So check out Microsoft's
Update page to make sure you're up-to-date.
Thanks to Nick Bolton from
Firetrust
for this report.
|