Phishing
This is still a subject that you really need to keep on top of. It requires a bit of knowledge to minimise the risk, or hopefully keep it to the absolute minimum.
Requests for personal and financial information can come from eMail, web pages, telephone and probably even snail mail.
eMail:
This is where the majority of the phishing comes from, so a good spam filter installed in your system will minimise what you see. You will probably have received eMails requesting you to confirm your online banking details, and if the first one you get is for your bank, it's a possibility you might just click the link in the eMail and start filling in the form.
These eMails are sent out for just about every bank in the UK and North America, and any website/company that deals in money, e.g. PayPal, eBay. Have also seen German ones, but they are rare, probably meant to be directed at German email addresses.
Even just clicking on a link could cause you some trouble. So here are some tips to limit this.
Your email program and web browser have a status bar. This normally allows you to place your mouse cursor over any link in an email or a web page and see where the link goes in the status bar. If it doesn't have a secure prefix, i.e. https:// as against the normal http://, you should be very wary. Your status bar may be turned off; the option to turn it on is usually in the "View" menu.
When accessing the main page of most financial institutions you may only see an http:// link, but you should find that once you click on the "login" button, you are diverted to a secure page. This should then have "https://" at the extreme left of the address/URL bar at the top of your browser window, and with Internet Explorer 7 a lock should appear just to the right of the address bar. With Firefox 2 this is on the right of the address bar and the status bar.
The phishing sites may get flagged by your web browser, but there is always a small delay before this happens. New phishing sites also spring up very quickly; it can be done for about $20, and they are probably using a stolen credit card anyway.
The sites also look very, very similar to the site they are mimicking. But if you look at the address it won't have "https" at the beginning and will look something like "http://support.bankname.com.ccnan.cn", where the last part of the address also gives an indication it's dodgy. Most of the sites seen recently appear to be of Chinese origin.
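The two checks described above (the https:// prefix and the last part of the address) can be written as a short script. This is an added example, not part of the original page; the check_link function, the warning labels and the TRUSTED_DOMAINS list are made up for illustration, and "bankname.com" is the placeholder name from the text.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the real domain(s) of the sites you log in to.
# "bankname.com" is the placeholder name used in the text above.
TRUSTED_DOMAINS = ("bankname.com",)


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a link; an empty list means no warning."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    warnings = []

    # Tip 1 from the text: no https:// prefix is a reason to be wary.
    if parts.scheme != "https":
        warnings.append("not-https")

    # The domain that counts is the right-hand end of the host name, so a
    # host belongs to a trusted domain only if it is that domain or ends
    # with "." + that domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings

    # Tip 2: a trusted name that appears further left is only a subdomain
    # label chosen by whoever owns the domain at the right-hand end.
    for d in trusted:
        d_labels = d.split(".")
        n = len(d_labels)
        if any(labels[i:i + n] == d_labels for i in range(len(labels) - n)):
            warnings.append("lookalike:" + d)
            break
    else:
        warnings.append("untrusted-domain")
    return warnings


if __name__ == "__main__":
    for link in ("http://support.bankname.com.ccnan.cn",   # from the text
                 "https://login.bankname.com/account",      # constructed
                 "https://news.example.org/"):              # constructed
        print(link, "->", check_link(link) or "ok")
```

The comparison is anchored at the right-hand end of the host name on purpose: a plain "does the address contain the bank's name" test would pass the address quoted above.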
Any eMail offering cheap software, drugs, etc. will probably mean you have also got listed on a spammer's list, and if you go to the site and order, they are unlikely to direct you to a secure site for you to put your credit card details in. This is just another way to collect your credit card information.
Websites:
As well as getting linked from eMails, you may somehow find yourself on a dodgy site, maybe because of clicking on a link resulting from a search engine request.
Unfortunately, normally clean sites sometimes get hacked, and viruses and trojans are loaded on to the site and linked to its pages, so the unsuspecting surfer downloads them without having any idea they are there.
This is where you need all your virus and spyware checkers, as well as Windows and your personal firewall, to be up to date all the time.
Telephone and Snail Mail:
These are usually attempts at social engineering, trying to get you to buy something, such as stocks and other investments, where you are asked to supply your bank or credit card details to start or complete the transaction.