Friday, February 10, 2012

I'd rather be phishing?

"Give a man a fish and you feed him for a day. Teach a man to phish and you feed him for a lifetime."
- paraphrasing a Chinese Proverb
Phishing is the act of catching unwary e-mail users and tricking them into giving up personal information or clicking on a link for the purpose of installing malware or other nefarious actions. Phishermen are never so crude as to say, "Hey look, you don't know me, but click here please." Instead they pretend to be someone you know, having already stolen your friend's e-mail address book, or pretend to be a legitimate business that you deal with, or make some incredible offer that is too good to pass up.
  • Never open or reply to any e-mail when you are unsure of the sender.
  • If it is too good to be true - it is.
  • E-mails that appear to come from a known entity (like your bank, the government, someone from your old high school, etc), often are spoofed e-mails and do not come from them at all.  
    • If you see an e-mail from your bank - sign into your account directly from the official website - NEVER follow the helpful link they send you. That helpful link will take you to a fake website that will save your account # and password for later theft.
    • If you get an e-mail notice from the government about your tax info, think about it. How did they get your e-mail address? And the IRS does not use email; they send you a nicely registered letter requesting your presence at an audit.
The internet is seeing a continuing dramatic rise in e-mails designed to fool you into action, and it does work or they would not be doing it. Some of the most recent tricks are:
  • Notices of copyright/trademark infringement
  • Notices from the BBB about a complaint
  • Notices from banks requesting an update of some kind or another
  • Notices about problems with an electronic check/deposit (ACH)
  • Notices from the Government looking for you to update your tax data
  • Notices about problems with your tax return 
  • E-Mails from old friends (they get that data from Facebook, LinkedIn, etc, etc...)
  • E-Mails asking you to help a friendly prince get his inheritance out of a country controlled by an unfriendly tyrannical government
  • etc, etc, etc...
Bottom Line

This is nothing new - just a reminder to practice safe computing. Below is a screenshot of e-mail quarantined by one person in one morning; you can clearly see examples of phishing.
