Phishing: The most dangerous form of Spam
Learn How to Protect Yourself from Security Threats
By Donald Nelson, copyright 2004
Spam is one of the curses of the Internet age. The clogging of
mailboxes with useless emails is bad enough, but unsolicited
emails aimed at tricking you into giving up your valuable
passwords, banking details and PIN numbers are the most
dangerous variety of email that you will ever encounter. This
kind of email is known as “phishing” because the unscrupulous
authors of these messages are fishing for valuable information
which they can use to capture your online identity.
If you think that you won’t be fooled by such tricks, think
again. Phishers commonly send emails which look like they come
from respected financial institutions, such as PayPal, Visa,
Ebay and America Online. The messages spoof the email address
of the institutions and the letters have the proper logos and
everything. They look real. The subject line usually has a
dire warning: “Your Pay Pal Account (or Ebay, or online bank
account) has been suspended.” “Warning: Confirm Your Online
Banking Account.” These messages look so real that 5% of
recipients respond to them.
Naturally, if you have a good amount of money in your PayPal or
online banking account, you are going to panic when you
receive email like this. The first thing to do is to stay
calm. Remember, responsible institutions will never suddenly
suspend your account or ask you to give personal information
in an insecure manner.
Usually the phishing emails will ask you to enter new
information for your account and they will give you URLs,
asking you to click through and log into your account. The
URLs in the email will look like the log-in addresses for
these institutions, but if you put your mouse over them you
will see that the actual web address is different.
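The hover check described above can also be run automatically over the HTML body of a message. The following is an added example, not part of the original article; the function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body, not a real message; 192.0.2.10 and example.net are documentation-only.
SAMPLE_HTML = """
<p>Your account has been suspended. Log in to confirm your details:</p>
<a href="http://192.0.2.10/login.html">https://www.paypal.com/login</a>
<a href="https://www.paypal.com/help">www.paypal.com/help</a>
<a href="http://www.paypal.com.example.net/">Click here</a>
"""

def host_of(value):
    """Hostname of a URL or bare 'www.site.com/path' string, without a leading 'www.'."""
    value = value.strip().lower()
    if "://" not in value:
        value = "http://" + value
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed address
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:  # only text inside an <a href=...> element
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html_body):
    """Links whose visible text reads like a web address but whose real target is another host."""
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for text, href in collector.links:
        if not text.lower().startswith(("http://", "https://", "www.")):
            continue  # text such as "Click here" claims no address to compare
        shown, actual = host_of(text.split()[0]), host_of(href)
        if shown and actual and shown != actual:
            flagged.append((shown, actual))
    return flagged
```

Only links whose visible text is itself an address are compared, so the third sample link is not flagged by this check even though its target is not the institution's site.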
If you get any email of this type, the second rule is never,
never to click through and try to log in. If you log in with
your user name and password, then phishers have captured your
password. If you go on to fill out other information such as
bank account numbers, social security number, mother’s maiden
name or driver’s license number, then the fraudsters will
really have you.
If you are worried about your online account and want to see
if it is OK, then go to the home page of PayPal, Ebay or your
bank, and log into your account in the customary way using the
usual URL, such as https://www.paypal.com, rather than with the
URL in the suspect email. When you get into your account you
will probably see that everything is normal. If your
institution indeed has a message for you, you will find it in
that safe environment without compromising your security. If
you are still in doubt, call up your institution using their
toll free customer service numbers.
PayPal also has a security section where they tell you what to
look for in fraudulent emails. For example, whenever PayPal
sends you an email it will always start off with “Dear Donald
Nelson,” in my case, or whatever name you used when you signed
up. They will not say “Dear Valued Paypal customer.” So log
into the proper areas of your institution and learn as much as
you can about security procedures.
The third thing to do is to report suspicious email. We have
to put these crooks out of business, and that can only happen
if we report fraud whenever we see it. You can get quick
service from PayPal by forwarding email of this type to
spoof@paypal.com. Usually within an hour you will get a reply
telling you whether the email comes from PayPal or not. For
other instances of phishing, you can report them to the
Anti-Phishing Working Group at www.antiphishing.org. This
website, staffed by volunteers, has up-to-date information
about the latest scams and is doing its best to make the
Internet safer for us.
Finally, if you have given any information to fraudulent
websites, move swiftly to protect yourself.
Notify your bank, change your passwords for online accounts,
and watch your online accounts for any signs of unusual
activity. A good guide with useful and detailed information on
what to do if you have given out valuable information can be
found at http://www.antiphishing.org/consumer_recs2.html
So, enjoy the Internet but take precautions and protect
yourself from any devious phishing message which may land in
your mail box.
Donald Nelson is a web developer, editor and social worker. He
has been working on the Internet since 1995, and is currently
the director of A1-Optimization (http://www.a1-optimization.com),
a firm providing low cost search engine optimization,
submission and web promotion services.