Posted on 09/01/2005 5:48:41 AM PDT by OESY
Phishing has emerged as one of the online world's more frightening scourges. Even at their most irritating, most spammers just wasted your time or left you averting your eyes from scary porn. Phishing scams are worse -- they're attempts to steal your money or even your identity, and they threaten to undermine some of the basic conveniences and efficiencies of the Internet age.
And unfortunately, phishing is going to be with us for some time: The Internet's technical underpinnings date back to when the Net was a preserve of scientists who had no reason not to trust each other, and it looks like the technical overhaul needed to make us less susceptible to phishers will take years to accomplish. In the meantime, what's needed is greater awareness of phishing's dangers, a task that should fall on companies targeted by phishers, Internet-service providers, government agencies, individual users and others.
To review, in its most-basic form phishing is crafting an email that pretends to be from a financial institution, e-commerce site, or some organization you have a relationship with. The email -- which can appear to come from the organization and even include its logo -- claims that account information urgently needs updating, or some transaction needs to be made. Users are typically asked to click a Web link in the email. The link typically looks like it leads to the organization's Web site, but it goes to a lookalike site, and any personal information offered up there winds up in the hands of the phisher, who may use it to run up credit-card charges, lock the user out of his or her own account, or steal his or her identity....
(Excerpt) Read more at online.wsj.com ...
There are a lot of esoteric variations on phishing schemes, and new flavors are emerging all the time. But here are some tips for basic safety:
Don't respond to e-mails asking for personal or financial information -- passwords, account numbers, Social Security numbers, and the like.
Don't click on links in emails from financial institutions and other organizations that have your personal information, and don't paste those links into your browser. Weaknesses in the technical underpinnings of the Internet can let phishers redirect you to fake sites, and just visiting suspect sites could subject you to attempts to put malicious programs -- called "crimeware" -- on your PC.
Don't taunt phishers by following their links and giving them false information -- a visit to a fake site can trigger a "drive-by download" of crimeware.
Don't download or open files attached to emails purporting to be from financial institutions, eBay, PayPal, and the like.
Don't trust phone numbers in emails. These can be faked, too.
Basically, if email from a financial institution or organization that has your personal information does anything other than inform, don't trust it. We hate to say that, because such email communications are supposed to make life easier. But until basic flaws with email and the Web are fixed, it's not worth the risk.
Enough don'ts. What should you do?
If you think a communication requiring you to take action might be legitimate, type in the organization's Web address yourself from a new browser or call. Again, don't copy the Web address from the email or trust a phone number supplied by it.
Send emails you think might be phishing to reportphishing@antiphishing.org and to the organization mentioned in the phishing email. Most organizations also offer an email address, such as spoof@ebay.com, that you can write to.
Make sure your Internet connection is protected by a firewall, your PC is protected by antivirus software, and run antispyware software periodically to check for malicious programs on your machine.
For more information and tips, see the following sites:
The Federal Trade Commission's consumer alert on phishing, which includes information about what to do if you are scammed.
The Anti-Phishing Working Group's tips for spotting phishes. The group also has tips for what to do next.
Microsoft's tips on preventing phishing;
Tips from the Washington Post;
Take Mailfrontier's quiz and see if you can separate the phishes from the legitimate email communications. Most importantly, read their tips. You'll probably wind up hopelessly paranoid about links in email. That's good.
(Denny Crane: "Sometimes you can only look for answers from God and failing that... and Fox News".)
Just waiting for the first "I'm trapped in New Orleans, please send $$" e-mail scam to start showing up in my inbox. /sarcasm