Internet Fraud--Don't Become the Next Victim

By: Global Knowledge
Published: Dec 20, 2005
Length: 7
Type: White Paper
Overview :
Protect yourself from the fraudulent techniques of phishing and pharming with the helpful tips in this paper. Download this white paper to learn more.
Internet fraud is a multi-billion dollar illegal business. Hackers use a number of ways to obtain your personal and confidential information.

Two of their tools are "phishing" and "pharming." From your personal desktop at home to the corporate office environment, no place is out of these threats' reach. But there are measures you can take to remain secure. This paper will teach you how to determine if you have been violated, how to identify the threat, and how to protect yourself against it.

No Phishing Allowed

It's not the fishing with a rod and reel but the illegal online phishing, also known as spoofing, that we receive in our e-mail inbox. The sample below shows an e-mail that I recently received requesting an update of my account information. Yes, someone was phishing, and I was supposed to be the phish! Educate yourself as to what this "phishhook" looks like.

E-mail phishing involves an illegal e-mail message that pretends to originate from a bank or online store. This message asks for your security information. Some phishing messages use strong-arm tactics that threaten users with account termination if they don't respond. It looks real, and it's easy to be fooled.

Phishing works when a hacker throws out a phishhook by sending e-mails to unsuspecting consumers. The e-mail headers have counterfeit "from" e-mail addresses that look as if they came from a legitimate source. The message directs you to click a "link" to update your financial, personal, and password information. But this link actually sends you to the hacker's web site.

The following shows an example of what this might look like:

Dear customer,

During our regular update and verification of the accounts we couldn't verify your current information. Either your information has changed or it is incomplete. If the account information is not updated to current information within 5 days then your access to bid or buy on eBay will be suspended.

To Update Account, please click the link below

Thank You. eBay UPDATE TEAM

Accounts Management As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements.

Respectfully,

Trust and Safety Department eBay Inc.

Copyright 1995-2005 eBay Inc. All Rights Reserved.

Despite the counterfeit trademarks and copyright and even the authentic looking "from" address field, this e-mail is a fake. And this phish stinks!

How do you spot a fake? One key detail in the above e-mail helps identify the fraudulent intent: the link within the body of the message. The link that the phisherman wants me to click consists of an IP (Internet Protocol) address, which is made up of a specific set of numbers. An IP address allows a web site to be identified with a number instead of through a more controlled name resolution system, such as DNS. A legitimate link will more likely consist of the name of the web site that you will be directed to. Although an IP address can be used, it is unusual for a large, well-known institution to use numbers instead of the name of its site.

Also, legitimate institutions will have you visit their site directly, usually to a home page first, and then log in as a registered user. If you need to update your user or account information, you would do so through a secure connection, such as https (Hypertext Transfer Protocol Secure). The https appears automatically when the site requires this secure connection. These secure connections encrypt your electronic "package" while it is traveling on the public Internet. Sometimes certificates are used to ensure the authenticity of the sender and receiver.
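
The two link checks described above (a numeric IP address in place of a site name, and a link that is not https) can be applied to a message automatically. The following Python code is an added example, not part of the original paper; the sample message, the address 192.0.2.10, and the function names are constructed for illustration.

```python
import ipaddress
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the e-mail from the paper. 192.0.2.10 is a
# documentation-only address and example.com is a reserved domain.
SAMPLE = """\
From: "Account Update Team" <update@example.com>
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://192.0.2.10/update/login.html">Update Account</a>
<a href="https://www.example.com/help">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_is_ip(host):
    """True when the host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_links(raw_message):
    """Return (url, reasons) for each link showing a warning sign."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = []
    for url in collector.hrefs:
        parts = urlsplit(url)
        reasons = []
        if host_is_ip(parts.hostname or ""):
            reasons.append("host is a numeric IP address")
        if parts.scheme.lower() == "http":
            reasons.append("link uses plain http, not https")
        if reasons:
            findings.append((url, reasons))
    return findings
```

A flagged link is a reason to contact the institution directly, not proof of fraud on its own; a clean result does not make a message legitimate.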

When in doubt, always play it safe. If you are unsure the e-mail is legitimate, contact the institution to ask about the authenticity. DO NOT respond to the e-mail by clicking the reply button, as you could be redirected to another site where you might catch a bunch of viruses. (Yes, it happened to me once.) It's best to forward the e-mail or cut-and-paste it within a new e-mail and send it to the appropriate authorities.