Saturday, March 12, 2005

Phish or Foul?


These are examples of how clever phisher's can be.The Email appears to have been sent from Earthlink's billing Department, indicates that the customer's credit card has expired. For " Security Purposes," according to the email, this has prompted Earthlink to remove the customer's credit card information from their files.

in the first example the fisher failed to complete the sentence starting "designated trademarks...."

In the second Example, the URL displayed in the address window does not begin with "https." That is a sure sign something's wrong. Never submit credit card information over an unsecure connection.
This page was clipped from the Ultimate How to guide published by Maximum PC
I felt I should illustrate how similar to official documents that these can appear to look like.

Tips to stop phisher's cold
  • Review Credit card information statements as soon as you get them and attempt to account for all charges. If your statement is late by even a few days, call your credit card company or bank to confirm your billing address and account balances.
  • Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your keystrokes. The anti-virus program and SP2's firewall can prevent such unwanted emails from ever being seen by you. Most corruptable files will be deleted without you even knowing it happened. Norton Antivirus gives you the option of reviewing the attempted attacks on your system that it stopped and took care of for you. (you would be surprised at how often it will happen)
  • A firewall helps to make you invisible on the internet and blocks all communications from unauthorized sources. It is especially important to use a firewall when you are connected with a high speed internet connection. (like broadband)
  • Your operating system may contain free 'patches' to close open portals in your system. To insure these patches are up to date, have your Windows update automatically or go to windowsupdate.microsoft.com
  • Be very cautious about opening attachments in email unless you are sure of the sender and that the sender originated the email.
  • When shopping online use only companies that have strong privacy and security policies.
  • before disposing an old computer, remove all data from the hard drive. You can "wipe" it clean using a program such as, Erase your Hard drive, www.eraseyourharddrive.com
  • Do not depend on the delete function to erase files as it only drops the first charcter and does nothing untill it is written over. this is to allow a user to restore the file. Phisher's are expert restorer's.
  • Never email personal information or financial information. Email is not a secure method of data transfer. If you have initiated a transaction and want to exchange information, check for the indicators that the site is secure. Like a lock icon on the browser's status bar. Or a URL for a website that begins with "https"(the s in https stands for secure)

No comments: