Forwarding Emails: Do Your Homework!

Every day I see email forwarded by someone trying to warn me of some new threat or with some "interesting news". Unfortunately, most of these types of forwarded emails are false. In most cases it is harmless forwarding of emails, with the only drawback being extra junk in your inbox and floating around the Internet.

In other cases, these emails themselves are a threat. Some emails will inform you of a "threat" and give you steps to take to "fix" your computer or "remove" the threat. Following the "advice" in these emails can cause problems in some cases.

Please do NOT forward these types of emails or follow the instructions in them without first doing your homework.

Do a search on the "information" you received. Below are a few good links to sites with information on hoaxes, myths and real threats. There are many sites that will help you find the truth about the emails you get; I like these ones.

This site lists emails and topics and gives you "Truth" or "Fiction" information from their research. It can be quite amusing to just browse some of the information they have.

This site is well organized so you can select topics or just do a simple search.

F-Secure

F-Secure is a European-based international computer security company. The information and tools available are very useful for your security.

Hoax Search:

"Phishing"

What is "Phishing"? It is like fishing in the sense that criminals send out mass emails as "bait", hoping someone bites. The bait is an e-mail falsely claiming to be from a legitimate organization like a bank, credit card company, online payment service, or any service, company or website they think people will trust, in an attempt to trick people into giving private information that can be used for identity theft, theft from your bank, online account, etc. The e-mail will direct the unsuspecting person to visit a Web site where they are asked to update personal information, such as user names, passwords, credit card information, and bank account numbers, which the legitimate organization already has. This Web site, however, is spoofed and was set up only to steal information.

Link manipulation/spoofing

Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub-domains are common tricks used by phishers. Another common trick is to make the anchor text for a link appear to be a valid URL when the link actually goes to the spoofed site.

Website forgery/spoofing

Some phishing scams use JavaScript to alter the address bar to make it seem legitimate. This is done by placing a picture of the legitimate company's URL over the address bar, or by closing the original address bar and opening a new one containing the legitimate URL.

In another method of phishing that is quite popular, an attacker uses a trusted website's own scripts against the victim. These types of attacks (cross-site scripting) are particularly nasty, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. This attack is very hard to spot, as it is the link to the website that is crafted to carry out the attack.

Damage caused by phishing

The damage ranges from loss of access to email and other online accounts to loss of money, investments, etc. Phishing is becoming more popular because of the number of unsuspecting people who are easily tricked into divulging information to phishers. The collected information includes credit card numbers, social security numbers, and mothers' maiden names. It is also possible that identity thieves can add more information to what they have gained through phishing simply by accessing public records. Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name, ruin a victim's credit, or even prevent victims from accessing their own accounts. As you can surmise, the result can be a destroyed life. That is why it is extremely important that everyone learns to recognize phishing and avoid being caught.

Recognizing Phishing and test your Phishing IQ

To help people learn more about phishing and to improve their ability to recognize it, there are sites with information and tests you can take.

The best advice is to learn to recognize phishing and spoofing. Please check and use the sites above. The next best is to use a browser and email program that help you to recognize phishing and spoofing. Browsers and email programs are adding some protection. I recommend using Firefox for your browser and installing an anti-phishing and anti-spoofing add-on. Once you have installed Firefox, go to tools, add-ons, hit "get extensions" and search for the add-ons you want. Use Thunderbird for your email. Both are free and both are more secure than the Microsoft products. Get them here:

Finally: Read Your Messages in Plain Text

Most e-mails written in HTML (Hypertext Markup Language: the authoring software language used on the Internet) are harmless. However, others contain malicious code. It is safer to set your e-mail program to only show messages in plain text format (often in the options or settings section of the software). This will prevent malicious code from running.