Thursday, January 7, 2010

Gone Phishing

No, I'm not talking about the kind of fishing where you use a rod, reel, and bait.

The kind of phishing I am referring to is the most common form of social engineering. Before I delve too deep, let me take a step back and define phishing. Phishing is the process of falsely posing as a legitimate enterprise through an email or website in an attempt to acquire sensitive information such as usernames, passwords and credit card details. In short, it’s a scam.

Hmm. Maybe phishing does involve rod, reel, and bait. The rod would be the email or website you receive or visit. The bait would be the load of crap the supposedly legitimate email or website is spewing. And the reel is the link you click on that takes you to the page where you enter the information they have just scammed from you.

Let's get into a little more detail. One example of phishing is a fraudulent e-mail message or Web site that tries to trick you into revealing personal information.

Who hasn't received an e-mail message appearing to come from their bank or other financial institution that asks them to update their account information?

The e-mail message includes a link that appears to go to a legitimate site, but really takes you to a spoofed or fake Web site.

Does this email message look familiar? Or have you seen a similar email message in your inbox?

Dear First Bank User,

As a courtesy to our valued customers, First Bank conducts regular account verification processes.

In order to ensure your account information is not made vulnerable please visit http://www.firstbank.com.aaccount-update-info.com.

Please click on the above link to our website to confirm or update your account information. If you do not do this within 48 hours, you will not be able to use your First Bank account for 30 days.

Sincerely,

First Bank


**If you enter your login, password, or other sensitive information, a criminal could and would use it to steal your identity.**

How can you identify Phishing emails?

If you don't see your name, be suspicious. Notice the generic greeting. Internet criminals tend to send phishing emails in large batches and to save typing time the criminals use generic names like "First Bank Customer".

If you don't see "https", do not proceed. Notice the forged link. Even if a link contains a name you recognize somewhere in it, that does not mean it goes to the legitimate company. Hover your mouse over the link and check whether the address shown in the pop-up matches what appears in the email. If there is a discrepancy, DO NOT click on the link. Notice how the link starts with "http". Secure websites where it is safe to enter personal information begin with "https"; the "s" stands for secure.

If you receive an email requesting your personal information, it is probably a phishing attempt. The whole point of sending phishing email is to trick you into providing your personal information.

If there is a sense of urgency, be suspicious. Notice the time sensitivity. The faster the criminal gets your information, the faster the criminal can move on to another victim. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast.

If you see misspellings or bad grammar, do not proceed. Phishing e-mail messages often include misspellings, poor use of grammar, threats, and exaggerations.
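The warning signs above, turned into a small checker (an added example, not code from the original post). It runs over a constructed copy of the First Bank message and assumes the bank's real domain is firstbank.com and that a host's registrable domain is its last two labels (no co.uk-style suffixes).

```python
import re
from urllib.parse import urlparse

# Constructed sample in the style of the message quoted in the post (not a real email).
SAMPLE_EMAIL = """Dear First Bank User,
As a courtesy to our valued customers, First Bank conducts regular account verification processes.
In order to ensure your account information is not made vulnerable please visit http://www.firstbank.com.aaccount-update-info.com.
Please click on the above link to our website to confirm or update your account information. If you do not do this within 48 hours, you will not be able to use your First Bank account for 30 days.
Sincerely,
First Bank"""

URGENCY_PHRASES = ("within 48 hours", "within 24 hours", "immediately", "will not be able to use", "suspended")

def registrable_domain(host):
    """Owner-controlled part of a host name: its last two labels.
    Assumption: no multi-label public suffixes such as co.uk are involved."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(url, expected_domain):
    """Reasons a link should not be trusted for expected_domain (empty list if none)."""
    parsed = urlparse(url)
    reasons = []
    # https only proves the connection is encrypted, not who is on the other end,
    # so the domain comparison below is the stronger of the two checks.
    if parsed.scheme != "https":
        reasons.append(f"link uses {parsed.scheme}, not https")
    actual = registrable_domain(parsed.hostname or "")
    if actual != expected_domain.lower():
        # Everything left of the registrable domain is a subdomain the sender chose:
        # www.firstbank.com.aaccount-update-info.com belongs to aaccount-update-info.com.
        reasons.append(f"link really goes to {actual}, not {expected_domain}")
    return reasons

def phishing_indicators(email_text, expected_domain):
    """Apply the post's checks: generic greeting, forged/insecure link, data request, urgency."""
    flags = []
    greeting = email_text.strip().splitlines()[0]
    if re.search(r"\b(user|customer|member|client)\b", greeting, re.I):
        flags.append(f"generic greeting: {greeting.strip(',')}")
    for url in re.findall(r"https?://[^\s<>]+", email_text):
        flags.extend(check_link(url.rstrip(".,;)"), expected_domain))
    if re.search(r"\b(confirm|update|verify)\b.{0,40}\b(account|password|login)", email_text, re.I | re.S):
        flags.append("asks you to confirm or update account information")
    if any(p in email_text.lower() for p in URGENCY_PHRASES):
        flags.append("time pressure: a deadline or threat of losing access")
    return flags

if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE_EMAIL, "firstbank.com"):
        print("WARNING:", flag)
```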


Tune in tomorrow when I discuss Spear Phishing.

In the meantime, DO NOT reveal any personal information in e-mail or online unless you know who you are dealing with and why. Additionally, make sure you are in a secure environment.

2 comments:

kgoodman January 8, 2010 at 8:39 AM  

Denise,

Great information for all your readers. There is nothing like a clear explanation to help folks understand what perils await in the magical internet.

Love ya,
Dad

Denise January 8, 2010 at 7:27 PM  

Ah, my number 1 fan. Hi, Dad. :-)

Thanks. I felt it was important to share what I've learned through my research and hope that it keeps others safe.

© 2009 DENISE ROBBINS | Design and graphics by Will Design For Chocolate | Blogger template 'Contemplation' by Ourblogtemplates.com