
Thread: Get the basics on phishing

  1. #1
    gerard_konijn Guest

    Get the basics on phishing

    Just when you thought it was safe to go back into your inbox, there's a new form of spam e-mail: phishing. In 2004, phishing e-mails grew 5,000 percent, with nearly 18 million phishing attempts recorded.

    What is phishing? Just like a lure might be dangled in front of a fish to trick it into thinking there's a real worm at the end of the hook, phishing is e-mail or instant messages that look like they're from a reputable company to get you to click a link. These messages can look like the real thing, right down to a spoofed e-mail address (faking someone else's e-mail address is known as "spoofing"). When unsuspecting users click the link, they're taken to an equally convincing (and equally fake) Web page or pop-up window that's been set up to imitate a legitimate business. The phishing site will ask for the user's personal information, which the phisher then uses to buy things, apply for a new credit card, or otherwise steal a person's identity.

    What are the signs of phishing? Spotting the imposters can be tricky since phishers go to great lengths to look like the real thing, but here are a few warning signs:

    Unsolicited requests for personal information. Most businesses aren't going to ask you for your personal information out of the blue, especially not an organization such as your bank or credit card company, which should already have this information on file. If you do get a request for personal information, call the company first and make sure the request is legitimate.

    Alarmist warnings. Phishers often attempt to get people to respond without thinking, and a message that conveys a sense of urgency, perhaps by saying that an account will be closed in 48 hours if you don't take immediate action, may cause you to do just that.

    Mistakes. The little things can often reveal the biggest clues. Phishers often slip up on the finer details and overlook typos, mistakes in grammar, and so on.

    Addressed as "Customer." If your bank, for example, regularly addresses you by name in its correspondence and you get an e-mail addressed to "Dear Customer," this may be a phishing attempt.

    The words "verify your account." A legitimate business will not ask you to send passwords, logon names, Social Security numbers, or other personally identifiable information through e-mail. Be suspicious of a message that asks for personal information no matter how authentic it looks.

    The phrase "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name, but the link you see is actually taking you to a phony Web site.

    Trust your instincts. If an e-mail message looks suspicious, it probably is.

    Another common technique that phishers use is a Uniform Resource Locator (URL) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:

    www.micosoft.com
    www.verify-microsoft.com

    or something like that.

    To help avoid this trap, it's best to visit a Web site either by typing the URL in the address field yourself or by accessing it from your Favorites list. Be cautious when clicking links that claim to take you to a site.

    Best regards/Vriendelijke groeten. Gerard Konijn. Tilburg. The Netherlands.

  2. #2
    ad_hock Guest

    Re: Get the basics on phishing

    Hi Gerard
    Excellent post; it should help a lot of people who are wise enough to read it with close attention. Especially for those who do online banking, it's a nice teaching.
    All the best and kind regards

  3. #3
    gerard_konijn Guest

    Re: Get the basics on phishing

    Online banking? Just forget it, it's Not safe enough in the Netherlands.
    Best regards, Gerard Konijn. Tilburg, The Netherlands.

  4. #4
    ad_hock Guest

    Re: Get the basics on phishing

    I didn't think that things were so bad there, as this is a common practice in our days, of course with a lot of precautions.
    Best regards

  5. #5
    gerard_konijn Guest

    Re: Get the basics on phishing

    There's no bank, in the whole wild world, who gives you 100% guarantee, it's Not safe.
    Best regards/Vriendelijke groeten. Gerard Konijn. Tilburg. The Netherlands.
    Help with ZoneAlarm? There's a red Search! > option at the bottom of the page to find your answer.
    Or navigate the following link: http://www.donhoover.net/


  6. #6
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Re: Get the basics on phishing

    Well done Guru Gerard-Konijn and also Guru Ad-Hock!

    Two points:-
    • Phishing sites often use the real web site as a template to fake their own by using links to graphics etc. on the real site. Therefore the phishing site can look VERY real.
    • Secondly, in formulating a URL link in a web page, what you see is not necessarily what you get. A correct URL could still hide a fake website.

    This is an example of just how easy it is to use a legitimate address to take you to a legitimate site but NOT the site you think:-

    Do you run WINDOWS MESSENGER? Get the latest version from http://www.microsoft.com/windows/messenger/.

    Also, if you do use internet banking, only do so from a computer you have ABSOLUTE TOTAL control over. If you use one that you don't (a friend's computer, internet cafe etc.), you can never know if you are being keylogged! If you need internet banking away from home, take a bootable LINUX distro (e.g. Knoppix), boot from that, do your banking and log off. That way you can be sure nothing is left behind on the host computer.

  7. #7
    acrorex Guest

    Re: Get the basics on phishing

    Great posts by all of the above. I have had about 12-15 phishing attempts with my e-mail. I was alerted to the fact that the spelling or missing .com, or .gov, .net, and others were missing from the "Real" sites, banks, etc., were missing!!! I received my warning from msn, but not with as much detail as here! Thanks again for all! Enjoy. ...acrorex...

  8. #8
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Re: Get the basics on phishing - What about FasterFox's pre-fetching?

    It just occurred to me that the "enhanced pre-fetching" function of FasterFox (a Firefox plugin) might be a security hole if it automatically loads and caches all links on a web page.

    Any comments?

  9. #9
    gerard_konijn Guest

    Re: Get the basics on phishing

    Phishing, an attempt to fraudulently gain access to your personal information, is a huge problem. And even the smartest among us might be fooled at times. If you think you are the victim of phishing, follow these simple steps:

    Report the incident: Immediately report the incident to the following organizations:

    • Contact your credit card company if you have given out your credit card information. Reporting that your account may be compromised and closing the account should be your first step. The sooner a credit card issuer knows, the easier it will be for them to help protect you.
    • Send the entire fraudulent message to the company that's been misrepresented. Remember to contact the organization directly, not through the e-mail message you received. Find out if they have a special e-mail address to report such abuse.
    • Notify the Internet Fraud Complaint Center (IFCC), a partnership between the FBI and the National White Collar Crime Center (NW3C). The IFCC works worldwide with law enforcement and industry to promptly shut down phishing sites and identify the perpetrators.

    You can also report the phishing scam to the Anti-Phishing Working Group at reportphishing@antiphishing.org and to the FTC at spam@uce.gov. To report the scam to these groups, create a new e-mail message addressed to them and attach the phishing e-mail to the new message. You can also copy the entire phishing e-mail and paste it in the new message. Do not use the "forward" option if possible, as this format may keep identifying information from going through and requires more manual processing.

    Change the passwords on all your accounts. If you think you've responded to a phishing scam with password information, or entered passwords into a phony Web site, immediately change your passwords. Use a strong password that has the following characteristics:

    • It's at least eight characters long.
    • It includes letters, numbers, and symbols.
    • It's easy for you to remember but hard for others to guess.

    Avoid names and words in any dictionary, as well as pet names, important dates, and so on. Protect your passwords and change them regularly.

    Be vigilant. Be suspicious. And follow these simple guidelines to help reduce your chances of getting hooked by a phishing scam.

    Never give sensitive personal information in a message. Most businesses will not ask for passwords, account or credit card numbers, or other confidential information in an e-mail, instant message, or pop-up window. While browsing, be particularly suspicious of windows that do not include the address bar. If you think you've received a phishing e-mail message, just delete it without responding.

    Make sure the Web site is legitimate. Do not enter personal information unless you're sure it is to a Web site you trust and that the site takes appropriate steps to protect your data. Find out if the site uses encryption to protect your data. Look for https (the "s" is for "secure") in the Web address, and check for a tiny closed padlock or an unbroken key icon in your browser window. On some systems, the padlock (and key) can be faked, so double-click it to display the security certificate for the site. Look for a match between the name on the certificate and in the address bar. If the name differs, you may be on a faked site. If you have even the slightest doubt about a site's legitimacy, play it safe and leave.

    Be wary of clicking a link in a message or pop-up window. If you get an e-mail, instant message, or pop-up window that asks for personal information, do not click the link. Doing so could take you to a phony site where any information you give may be sent to the phisher who built it. If you're unsure whether a message is genuine, call the company by using the telephone number on a past statement or the telephone book. To visit the company's Web site, type the address (do not copy and paste), or use your own bookmark or Favorites list.

    Routinely review your financial statements. Carefully check all your credit card and bank statements monthly and regularly log on to any online accounts. If you review your bank and credit card statements often, you may be able to catch con artists and stop them before they cause significant damage.

    Improve your computer's security. Phishers hope you haven't been applying the latest security fixes, and may try to take advantage of these vulnerabilities. Some phishing e-mail may contain malicious or unwanted software that can track your activities or simply slow down your computer. To improve your computer's protection, use a firewall and antivirus software and update it routinely, and keep your Windows and Office software up-to-date.

    Best regards, Gerard Konijn. Tilburg, The Netherlands.
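
Added example, not part of the original post: the "attach, do not forward" reporting step above, built with Python's standard `email` package so the original arrives as a `message/rfc822` attachment with its headers intact. The phishing message, the reporter address and the helper names are constructed for this sketch.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed phishing message; every address and host in it is made up.
RAW_PHISH = """\
Received: from a.example.net by mx.example.org; 3 Jan 2005 10:00:00 +0000
Return-Path: <bounce@a.example.net>
From: Your Bank <service@bank.example>
To: user@example.org
Subject: Verify your account
Message-ID: <constructed-1@a.example.net>

Click the link below to gain access to your account.
"""

def build_report(raw, reporter, recipient):
    """Wrap the untouched original as a message/rfc822 attachment."""
    original = message_from_string(raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = recipient
    report["Subject"] = "Phishing report: " + str(original["Subject"])
    report.set_content("The attached message is a suspected phishing e-mail.")
    report.add_attachment(original)  # a Message object becomes message/rfc822
    return report

def attached_headers(report_bytes):
    """Headers of the original, as the receiving abuse desk would see them."""
    parsed = message_from_bytes(report_bytes, policy=policy.default)
    for part in parsed.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return {k: str(v) for k, v in part.get_content().items()}
    return {}

if __name__ == "__main__":
    rpt = build_report(RAW_PHISH, "user@example.org",
                       "reportphishing@antiphishing.org")
    for name, value in attached_headers(rpt.as_bytes()).items():
        print(f"{name}: {value}")
```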
