53. Beware of phishers
By Mark Alberstat
Nothing beats a bit of relaxing fishing to take your mind off the worries
the Internet poses today. With spyware, viruses and worms threatening
computers ever day, a few hours of fishing would be time well spent.
Today, however, that fishing can also be spelled "phishing" and it is
another type of threat that Internet users have to be aware of and guard
themselves against.
Phishing scams are relatively sophisticated spam or pop-up messages that
attempt to trick you, and other Internet users, into disclosing personal
and valuable information such as credit card numbers, bank account details
or passwords to various accounts.
A few of the spoofed companies include eBay, Amazon.com, AOL, Visa and
Citibank, to name a few. Phishing is sometimes also known as brand
spoofing or carding.
The messages typically look like legitimate e-mail or pop-ups from known,
trusted companies. These messages will urge you to "update" or "validate"
account information. There are often links in the e-mails that you are to
click on which will take you to a site designed to look legitimate and
will prompt you to put in your personal account information. The people
perpetrating the scam gather this information and then your credit cards
are suddenly charged up, or your personal information abused in some other
way. This is the most recent method for the often talked about crime of
identity theft.
There are a few basic steps to guard against such online scams:
- Do not reply to a link in an e-mail message that asks for personal or
financial information. Any legitimate company requiring this information
would not do so via e-mail. If you think the request is legitimate, close
the e-mail and log on to the company's main site and investigate the site
for needed updates. You can also contact the company through the site or
the phone and see if it is actively looking for account updates.
- Do not e-mail personal or financial information. E-mail is not a
secure method of transferring this kind of information over the Internet.
Sites that need your personal information will ask for it through their
secure website which should feature a lock icon in your browser's status
bar at the bottom. Unfortunately, this is not completely foolproof, as
some phishing operations have forged this icon.
- Another preventive measure is to always use anti-virus software on
your PC, make sure it is up-to-date and is set to scan all incoming
e-mails. Some phishing expeditions contain small programs that will load
themselves onto your computer and track keystrokes or look for specific
files that may contain sensitive information.
The Anti-Phishing Working
Group, a global organization formed to wipe out Internet scams and
fraud, has a comprehensive website including an archive of known phishing
scams dating back to September 2003. If you think you have received a
bogus e-mail, this list may have it to confirm your suspicions. The
group's website is found at: www.antiphishing.org.
With this information in mind, and a wary eye toward suspicious e-mails,
you and your information may not become caught up in a phishing net.
The Mousepad runs every two weeks. It's a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, email mousepad@chebucto.ns.ca. If we use your question in
a column, we'll send you a free mousepad.
Originally published 13 February 2005
