The phishing threat hits home

Most people do not know what Phishing is.  Those who do know understand that it has something to do with emails and collecting their data, but they do not understand how the process works.

Phishing involves an email that asks you to click a link.  You are often asked to go to a website and enter your personal information.  These are called ‘spoof’ emails.  The purpose is to get you to enter your banking or account information into a fake website. They use this information to steal money from credit cards, paypal accounts, and bank accounts.

The second type of email puts spyware and malware on your computer. This is malicious software programs that harvest your usernames, passwords, and any information that you ‘saved’ in your computer.  Remember filling out the ‘auto form filler’ feature on your computer? You included your full address, age, banking information, credit card information in the form feature. Malware and spyware can retrieve this information.

Phishing can also include the Nigerian Fraud, which has expanded to include a dozen countries. These emails ask you to help them ‘launder’ money.  They want to put millions into your account. Of course, most countries have a limit. Any transaction over that amount draws the attention of the authorities.

So- no money is ever going to be deposited.  Once you give them your information, they will use it to empty your accounts, make purchases in your name, and apply for loans. 

Phishing is hard to fight because the criminals are often in countries where there are very lax, if any, internet laws.  Even if the UK authorities know about the scam, it is difficult to investigate and impossible to try and incarcerate the fraudsters.

These new e-crimes are on the rise.  Anti-Phishing Working Group (APWG) announced in May 2007 that they will join the financial services and law enforcement communities to hose the counter eCrime Operations Summit.

The web crime conference will take place on May 30 and 31 in California, USA.  The objective is to create viable methods of handling cybercrime.  While there is not much hope that we’ll see any real solutions within the next couple of years, the exposure of eCrime is one way to combat it.

The most important thing for the average Internet user to remember is that the responsibility for protecting their information is in their hands. 

Buying Online

Avoid buying from small websites that do not have a main address in the UK.  If there is no office, mailing address, and telephone number – beware.  Don’t let a picture of nice offices and a warehouse fool you.  Call the number before entering your information.

It is also important to make sure that the website is using a secure SSL certificate. It is also important to make sure that your information is secure.  Never enter your information into an email or into a domain name that doesn’t match the domain name of the website you are on. 

This is especially important if you are asked for information from your bank, or a company that manages your money like Gbuy, or PayPal. These companies offer protection from fraud, but only if you stay in their website.

Answering Emails

Everyone receives dozens of spam emails every day.  It was easy to figure out which ones are from friends and which ones are from spammers – until now.  Now with Yahoo and Google toolbars that take your information and use it to find more relevant searches for you, it is easier for spammers to target the people who are most likely to open their emails.

Never open an email saying that your loan is approved, you won money, won a vacation, received a payday loan, or a lottery.  Also avoid emails with nothing in the subject line – even if they are from a friend. Some spam software can take the names from your friend’s email lists on MSN or Yahoo messenger and use them to target you. 

One way that Phishing software is hidden in emails is by including a graphic or picture.  The consumer ignores the ‘attachment’ believing it is the graphic.

If in doubt then email your friend.  A smart thing to do would be to have all your friends use a ‘code’ in the subject line.  However, if in doubt – delete.

Rebuttal

Many people fall into the Phisher’s scam by returning the email so they can reply to the email, telling the host site that they know the email is fraudulent and threatening to turn them into the authorities.

Unfortunately, this may also let the criminal company download software to your computer.  Another thing to remember is that until you reply, the criminal never knew if your email was real or not – the email was just a shot in the dark.  Once they know that the email is real, they can sell it to hundreds of spam sites.

Banking Information

Remember that no legitimate financial institution will contact you by email. They will either call you or use snail mail.  Never fill in any form in an email, or a form that you were directed to by an email.

Cyber criminals are smart. They will life the exact forms and logos from the real sites and use them to steal information form unsuspecting Internet users.

In the end, keep your information private.  Use good passwords, and never use the ‘save password’ feature on your computer.  It is also important to change your passwords every few months.  Clean your cookies out weekly, and run an anti-spy software program weekly.