Today I received an email from "Yahoo! Groups:" "Please confirm your request to join will-kate." I hadn’t remembered joining a group lately, but I wondered if I had in recent weeks and forgot. The sender’s name seemed right.
First I went to the Yahoo! Groups main page and searched for "will-kate." There was no group. Out of human curiosity, I clicked. The email was sent to an address on my personal domain that doesn’t exist.
And that’s when it hit me: Does Yahoo! Groups even send a confirmation email? I joined a new group. No confirmation email came, only a welcome email from the moderator. Phished!
Is it OK to click a link in an email that looks like a phishing attempt?
I spoke with a colleague at Zone Labs who works in our Smart Defense team about whether it was OK for me to visit the phishing site out of curiosity, or for purposes of reporting the site. (There’s a new site called PhishTank I wanted to check out.)
He had a more conservative response than PhishTank, which says in its FAQ: "it’s usually safe to visit these sites as long as precautions are taken, like making sure your browser’s security settings are high."
My coworker pointed out that sites could host exploits that will be used to plant Trojans on your computer. Some of those exploit vulnerabilities that may not yet have a patch available.
The safest way to visit phishing sites (if you must visit them)
If you decide to visit suspected phishing sites, the most secure way to do so is:
- Use a browser other than Internet Explorer, as IE is often a target for attacks, given its popularity.
- Have your browser security set to the highest levels.
- Have your ZoneAlarm firewall set to the highest levels, as well as antispyware and antivirus turned on.
- Use a virtual machine, such as those VMware offers.
- Use a Unix machine (if you have one lying around).
PhishTank lets you report sites by forwarding an email, so it’s not necessary to visit suspected phishing sites. Ideally you shouldn’t even click on spam emails or ones that are obviously impersonating valid sites, as this will likely confirm that you have a valid email address, resulting in more spam.