Friday, April 20, 2007

Phishing on the internet

News from Roderick March 2007
When most people think of fishing, they are reminded of the 30-minute struggle for that big catch, or the time they spent out in a boat with their friends.
For me going fishing takes me back to those summers I spent in my hometown of Gambo down by the brook fishing for sparney ticklers with an old tin can complete with hammered out holes my brother had made for me. Being down by that brook and relaxing in the morning dew is something that I'll never forget.
But, while I love fishing, I really hate Phishing...which is a totally different thing. But not that different. Allow me to explain...

What is Phishing?

Phishing, pronounced exactly like fishing, is where Phishers try to gather sensitive information by parading themselves as an honorable person or company in some sort of instant message, email, or even by phone.
Basically, the Phisher casts his line with a nice juicy worm in the form of a fake banking website so that you, the fish, bite and reveal your credit card information, password, or worse, your social insurance number. This inevitably leaves you like a fish out of water. Yes, I know that was very cheesy, but it proves my point that everyone should be careful about information that they hold dear to them.
Misspelled Addresses
Let's look at some of the things you can watch out for to avoid getting hooked. One of the more common ways that Phishers are able to get your data is by fooling you into thinking that the site you're visiting is the same site you normally visit. Let's say, for instance, you are an avid eBay user and you get an email from them saying that you need to update your account. Included in that email is a link that directs you to what looks exactly like the regular eBay page. If you look closer however, you will notice a slight difference. The URL is not, rather it is some site labelled as or even
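The "look closer at the address" check can be done mechanically. The following Python is an added example, not part of the original newsletter; the trusted list and the sample links are constructed for illustration and are not the addresses the article referred to.

```python
from urllib.parse import urlsplit

# Assumption: the sites this reader really uses (their "bookmarks").
TRUSTED = ("ebay.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for the host a link really leads to."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("suspicious", "link has no host name")
    if "@" in parts.netloc:
        # Everything before '@' is a login name, not the site.
        return ("suspicious", f"real host is {host}, not the name before '@'")
    for site in trusted:
        # Exact match or a true subdomain; the leading dot matters.
        if host == site or host.endswith("." + site):
            return ("trusted", f"host is on {site}")
    labels = host.split(".")
    for site in trusted:
        brand = site.split(".")[0]
        if brand in host:
            return ("suspicious", f"{brand} is named, but {host} is not on {site}")
        if any(edit_distance(label, brand) == 1 for label in labels):
            return ("suspicious", f"{host} is one letter away from {brand}")
    return ("unknown", "not one of the trusted sites")

# Constructed sample links, not taken from any real message.
SAMPLES = [
    "https://signin.ebay.com/ws/login",
    "http://ebay.com.account-update.example/login",
    "http://www.ebbay.example/update",
    "http://www.ebay.com@198.51.100.7/update",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", *check_link(link))
```

A "trusted" verdict only says the host name is genuine; it does not cover the case described under Advanced Phishing, where the attack runs on the institution's own page.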
Phone Attacks
Probably one of the simpler methods that Phishers use to get sensitive information is to call and ask for information over the phone. In this case, the Phisher would call posing as a representative of the institution that you may belong to and request that you give them your data so that they can update your account. Don't be fooled!
Advanced Phishing
One tactic that is used by Phishers which is more advanced and even harder to detect is when the Phisher uses an institution's web page against the user through a set of scripts or code. Not long ago, PayPal had this very problem. In this case, users would be prompted to log in as themselves but, as soon as they are logged in, the account would be attacked.

What can I do?
Now that you know some of the more common attacks that Phishers use, you should also know some ways to protect yourself from getting caught. Here are some methods that you can use:
Update your browser - Newer browsers such as Internet Explorer 7 and Mozilla Firefox 2.0 both have special tools embedded within them to catch the Phishing sites before they get to your screen.
Use your bookmarks - Let's say you do get an email indicating you have to update your information. Instead of using the link provided in the email, log into the site the way you normally would and see if you have any prompts related to your account. If there is nothing there, then the message you received is likely a fake. Some banks provide their own transaction protection.
Use Spam filtering - One way to protect yourself is to use Spam filtering or a Spam Guard on your email account. My fellow TechMate Neera has written a wonderful article that can guide you through this process.
For you advanced users, setting up specialized tools like OpenDNS and Norton Confidential or SiteAdvisor could help out newer users in your home.

Before you get yourself into some serious trouble, know that there are many people out there looking to steal your sensitive information on the Internet to use it for their personal gain. Remember that if you see something that looks fishy, then it probably is...phishy!

Black Duck Brook in Dark Cove Gambo was never as dangerous as the internet. See ya next month.
