Phishing For More
Sunday, 26 December 2004
Have you ever received an email asking you to update your account information or else your account will become inactive? More often than not, this is an example of "phishing". Phishing is the act of using an email or bogus website in an attempt to get you to give up personal information such as account names, numbers, credit cards, and so on.
These emails appear to be from well-known establishments and include links to a web site that looks like the real site. For example, you might get an email suggesting that for security reasons you need to update your account data. These emails insist you act before a certain date to prevent your account from being suspended.

When we first wrote about phishing last year, it was easier to spot scams because the web page you were redirected to contained spelling errors or different URLs. For example, the browser address bar might show www.earthlinck.com rather than the correct address. Often, scammers repeatedly targeted the same popular sites such as AOL, eBay, PayPal, VISA, Citibank and so forth.

Fast-forward 18 months and the problem has expanded beyond email. Although not as common as email scams, fake retail web sites are starting to appear. Instead of prompting you to update account information, these sites entice you with great deals. You innocently click an item's picture and a piece of code is downloaded to your PC. The code might log account information or redirect you to other sites.

Moreover, scammers are taking advantage of browser and operating system weaknesses. As an example, see if your browser passes this XSS test developed by Secunia.

http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/

The above test was merely a demonstration. However, if your browser failed the test, it means someone with enough technical knowledge could trick you into thinking you were at the real PayPal site. As you can see from Secunia's example, you can't always trust a site because a padlock is displayed.

While these warnings and exploits won't deter us from using the web, they remind us we need to be vigilant about security. Although there is no such thing as a 100% safe system, these days you must:

— Install all critical OS patches
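The look-alike address mentioned above (www.earthlinck.com) is the kind of thing a mail filter or link checker can catch mechanically, whether or not the link is https. The following is an added example, not part of the original article: the trusted-domain list, the function names and the sample links are assumptions made for illustration, and earthlink.net is assumed to be the correct address the article refers to.

```python
from urllib.parse import urlsplit

# Assumed allow-list of legitimate domains for the brands the article names.
TRUSTED = {"earthlink.net", "paypal.com", "ebay.com",
           "citibank.com", "aol.com", "visa.com"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return (verdict, brand): verdict is 'trusted', 'lookalike' or 'unknown'."""
    if "//" not in url:                  # bare host such as www.earthlinck.com
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Naive registrable domain: last two labels (ignores suffixes like .co.uk).
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED:
        return ("trusted", registrable)
    for brand in sorted(TRUSTED):
        name = brand.split(".")[0]
        # Brand name used as a subdomain of somebody else's domain.
        if name in labels[:-2]:
            return ("lookalike", brand)
        # Near-miss spelling; short names only match exactly to limit noise.
        limit = 1 if len(name) >= 5 else 0
        if len(labels) >= 2 and edit_distance(labels[-2], name) <= limit:
            return ("lookalike", brand)
    return ("unknown", None)

# Constructed sample links; only the earthlinck host comes from the article.
SAMPLES = ["http://www.earthlinck.com/update",
           "https://www.paypal.com/signin",
           "https://paypal.com.account-check.example/login",
           "http://example.org/"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, classify_link(link))
```

The scheme is ignored on purpose: the third sample is an https link and would show a padlock, yet the domain that actually receives the request is not PayPal's.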
Additional Resources
Excellent Phishing Test from SonicWall
Last Updated: Sunday, 24 December 2006
