SiteProNews: December 15, 2004 Feature Article


  Article printed from SiteProNews: http://www.sitepronews.com
  HTML version available at: http://www.sitepronews.com/archives.html
  
They're Phishing with Stink-Bait: Don't Get Hooked
By Trevor Bauknight

Phishing has gotten out of control on the Internet, and 
unfortunately it has nothing to do with following a great 
Vermont band around the country aboard a VW Bus.

It is a relatively new phenomenon in the world of Internet scams, 
and it involves the sending of e-mail "alerts" which appear to 
have originated at places like eBay, PayPal, banks and other 
institutions with which you may have online accounts. These 
fraudulent alerts warn you that your information needs to be 
updated or verified for some reason and they include a link 
which looks like a legitimate link where you might update 
account information or what-have-you.

The funny thing is that when you have the status bar at the 
bottom of your web browser visible and you hold your pointer 
over the link, you can usually see where it will really take you 
if you click it; and typically, this is a totally unrelated 
domain (often only a numeric IP address shows) run by a scammer 
out to collect your personal information. Many people don't 
notice these details while browsing, and it has been reported 
that up to 5% of the "phished" fall victim to the scam.

To tell you how difficult it can be to discern between the 
legitimate and the scams, I follow this stuff for a living, and 
I missed two out of ten on the MailFrontier Phishing IQ Test at 
http://survey.mailfrontier.com/survey/quiztest.html (which, 
incidentally, is a good place to get a look at some examples of 
what the phishermen are up to and how they go about their 
shameful business). I erred on the side of caution, however, 
assuming that two legitimate messages were scams; and that's a 
pretty good policy, in general.

Your online identity is a valuable thing, and is becoming more 
valuable as more and more day-to-day activities take place on 
the Web. People are paying bills online, making travel plans 
online and even communicating their most private, personal 
feelings online. Anyone who can steal your online identity (or, 
more accurately, in this case, con you into giving it to him) 
can, for all intents and purposes, *become you* in order to 
carry out all kinds of nefarious activities.

Here are some easy-to-remember ways to avoid the hook:

1) Keep in mind that legitimate companies don't operate this 
way. No matter how shiny the bait, no company (and certainly no 
bank!) is going to use this method for this purpose. E-mail is 
not a secure or 100% reliable means of communication, and they 
know this. Just as Microsoft doesn't send out software patches 
by e-mail, financial companies don't send out mail bearing fake 
links for you to follow.

2) Keep your browser window's status bar visible. Glancing 
at it before you click a link will very often show you the 
destination URL without you having to click and wind up in 
pop-up hell or some other questionable corner of the 'Net. This 
setting is usually changed somewhere under the browser's View 
menu.

3) Keep a close eye on your online accounts. You 
should periodically check in with your eBay, PayPal and other 
such accounts if for no other reason than to change the 
password. If you change your password regularly, an e-mail 
feverishly telling you that your account may have been 
compromised will be even more obviously fake than otherwise, 
and you can laugh at the pitiful scammers as you drag the 
message to the Trash. Checking your accounts manually will also 
give you the opportunity to see what the latest news may be 
straight from the horse's mouth.

4) Whatever you do, don't send personal information via e-mail 
to anyone you wouldn't trust acting as you. If you think you may 
need to check the status of your eBay account, for example, don't 
respond to an e-mail asking you to do so; rather, log in 
from the top-level eBay site and navigate to your account. 
Scammers are adept at setting up a fake link-target to look just 
like the corresponding legitimate page.

5) Keep your anti-virus and anti-spyware software up-to-date and 
active. This is a good general policy that will help keep your 
computer free of harmful viruses and spyware. Some phishing 
e-mails include attachments meant either to run automatically, 
thanks to poorly configured e-mail software, or to be run 
manually by you once the fake e-mail has convinced you that you 
should.

6) You should configure Windows to show filename extensions at 
all times so that you can see when an attachment that looks like 
nice.jpg is really nice.jpg.vbs, a Visual Basic script that can 
cause untold headaches. Also, make sure your e-mail software 
isn't doing anything crazy with attachments like downloading 
them automatically. Opening attachments you're not expecting is 
generally a bad idea anyway.
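
The nice.jpg.vbs trick from item 6 is easy to screen for at the 
mail gateway or in a mailbox audit. The following is an added 
example, not part of the original article: it lists each 
attachment's real name, the name a user sees when Windows hides 
extensions, and a verdict. The extension lists are illustrative 
assumptions, and the sample message is constructed with 
placeholder attachment bodies.

```python
from email.message import EmailMessage

# Extensions Windows runs or hands to a script host (illustrative, not exhaustive).
RUNNABLE = {"vbs", "vbe", "js", "jse", "wsf", "scr", "pif", "exe", "com", "bat", "cmd", "hta"}
# Extensions a reader takes for passive content.
DECOY = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3", "zip"}

def shown_name(filename):
    """Name as listed when Windows hides extensions for known file types."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot and stem else filename

def classify(filename):
    """Return 'double-extension', 'runnable' or 'ok' for an attachment name."""
    parts = filename.strip().rstrip(".").lower().split(".")
    if len(parts) < 2 or parts[-1] not in RUNNABLE:
        return "ok"
    return "double-extension" if len(parts) > 2 and parts[-2] in DECOY else "runnable"

def audit_attachments(msg):
    """Return (filename, shown name, verdict) for every named attachment."""
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            report.append((name, shown_name(name), classify(name)))
    return report

def sample_message():
    """Constructed message with placeholder attachment bodies (no real script)."""
    msg = EmailMessage()
    msg["Subject"] = "Your photos"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", maintype="image", subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment("placeholder", filename="nice.jpg.vbs")
    msg.add_attachment("placeholder", filename="setup.bat")
    return msg

if __name__ == "__main__":
    for row in audit_attachments(sample_message()):
        print(row)
```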

If you're concerned that you may already be a victim of a 
phishing scam, you should review all your online accounts for 
unusual activity as well as your offline accounts with banks, 
credit cards, etc. Any unusual delay in receiving statements 
should raise a flag. You should also file a complaint with the 
Federal Trade Commission at http://www.ftc.gov. The FTC maintains 
a good source of information on e-mail and Internet scams at 
http://www.ftc.gov/spam.

Forward copies of phishing e-mails you receive to spam@uce.gov 
with headers intact so that they can examine the source of this 
garbage.

Maintaining an up-to-date computer and a vigilant attitude while 
browsing will keep your Online Identity in your hands and, with 
any luck, phishing will go back to being primarily something 
done by nomadic hippies.

================================================================
Trevor Bauknight is a web designer and writer with over 15 years 
of experience on the Internet. He specializes in the creation 
and maintenance of business and personal identity online and can 
be reached at trevor@tryid.com. Stop by http://www.cafeid.com 
for a free tryout of the revolutionary SiteBuildingSystem and 
check out our Flash-based website and IMAP e-mail hosting 
solutions, complete with live support.
================================================================

Copyright © 2004 Jayde Online, Inc.  All Rights Reserved.

SiteProNews is a registered service mark of Jayde Online, Inc.