March 10, 2006
Phishing: Sharks in the WWWater
Dear Larry,
I received an e-mail from my bank, and my son scared me
into deleting it because it might be a fishing attack. What on earth was he
talking about?
M. T. R.
Dear M. T. R.,
Your son was actually referring to a technique called
“phishing,” a major ploy used in identity theft. And he was quite right to make
you concerned. It’s important that everyone’s awareness be raised because it’s
all too easy to be tricked into divulging personal information.
Imagine this: An official-looking letter arrives in the mail
from a major national bank. The letter asks you to call them on the 800 number
indicated in order to straighten out some sort of issue involving your account.
Concerned that a problem might develop with your credit rating, you contact the
bank on their 800 number. A woman answers the phone, asks you what your call is
referencing, and directs you to a gentleman in accounting. He explains the issue
and asks you for some detailed information regarding your account and your
credit cards to ensure that all of your records are perfectly up-to-date. At the
end of the conversation, he cordially thanks you for your help and you hang up
relieved that potential trouble has been averted.
Indeed, your troubles have only just begun; you’ve been had!
The official-looking letter was just that—official-looking. Maybe the bank’s
masthead was on the letter, but that’s not difficult to copy. And the 800 number
in the letter directed you to a scam operation, manned by people just waiting
for the telephone to ring so that they could collect personal information from
the next individual naïve enough to respond to the letter.
Phishing is simply this, but transplanted into the world of
computers. Instead of a letter, you receive an e-mail. And instead of an 800
number, there’s a link in the e-mail supposedly directing you to the sender’s
web site. When you click the link, it sure looks like the web site you’re
accustomed to visiting, be it eBay, PayPal, your bank, or some other
institution. It’s not at all difficult for a phisher to create this fake web
site and get you there via a phony link. And once you’re there, you’ll be asked
for all sorts of private, confidential information—perhaps your bank account
number, your password, your credit card information, etc. Often, the initial
e-mail uses scare tactics to lure you in, such as warning you of a suspended or
overdrawn account.
So how do you avoid phishing attacks? Simple: Never click a
link in an e-mail directing you to what you think is an official web site.
Prudent organizations will never send you e-mails of this sort. If you’re at all
concerned, just don’t click the link; instead, open your web browser and go
directly to that institution’s web site to find out more and to determine if the
e-mail was even legitimate in the first place.
As convenient as e-mail is, it’s also convenient for the “bad
guys” to send you viruses, spyware, and phishing inquiries. When reading your
e-mail and opening up attachments, you should always be checking for anything
the least bit phishy.
This is Larry Schneider, logging off.
