Eye Wide Open

Brazil and the world as seen by a Brazilian living in the US.


Friday, September 08, 2006

Fishing the Phishing

I was reading an article about the explosion of the practice of phishing.

But before you close this page and I lose my audience, let me explain what phishing is.

Phishing e-mails are messages that arrive as if they were from your bank or from some other place where you have an account (it could be eBay, Amazon, school, work, etc.). The e-mail seems legitimate: in general it has the same layout, colors, graphic elements and style as the e-mails you are used to getting from that company.

The e-mail asks you to confirm your data, or check if your account is ok, or uses any other excuse to make you access your account with the bank, store, etc. The e-mail provides a link to the site (or a button such as “click here”) and the link looks correct.

Once you click on the link, you are taken to a site that looks exactly the same as the original and, believing you are there, you log in providing your user id and password.

What really happened? Several things:

1- The e-mail that you received, even though it looks legitimate, probably isn’t. Most companies avoid this kind of communication, as they know the risks of fraud.

2- The link that you clicked on, although it looks correct, isn’t. Even though it may be written as, for example, http://www.amazon.com, in reality it may take you to another site, a fake one that looks exactly like Amazon’s. What is written on the link has nothing to do with the actual address of the link. The same applies to buttons such as “click here to access your account”.

3- When you logged in to the site, your user name and password were sent to the criminal, who can now steal your identity (act as if they were you) and party at your expense. Frequently they shop using your account and provide a PO box as the shipping address, often in countries with lax control over cybercrime. Many times they access personal data and use it to issue documents such as social security cards, credit cards, passports, or driver’s licenses.

This is one of those situations that is VERY easy to avoid, just by following these basic rules:

1- If the e-mail that you received is not well written (with typos or grammatical errors), delete it immediately. It is fake. It is hard to believe, but a great number of phishing e-mails are not well written and nevertheless people believe them…

2- If the e-mail that you receive seems legitimate, still DO NOT click on the link or button it provides. Instead, open a new window of your browser, type the address that you normally use to access the bank or store (frequently it is on your list of “favorites”) and then log in and check if what the e-mail says is true.

This also applies to e-mails that you receive at work or school, or from people you know, as someone’s computer could be infected by a virus and the person might not know that it is generating fake e-mails.

In a nutshell, DO NOT click on links that you receive by e-mail. Type the address you are used to, instead. With that, phishing would no longer be effective and the criminals would have to look for another way to exploit people’s naiveté.

PS: This blog has no link asking you to log in to your account. If it has, it was hacked! :-)
