My first PSA for 2008

15Jan08

Hopefully after reading this post you will not gain any knowledge, having already read the below many times so that it is second nature. Hopefully you have told others about what I am about to write. Hopefully you have been practicing what I am about to preach for quite some time. I say all of this because nothing that I am about to write should be new to you, or anyone who has been using a computer in the past 5 years. Unfortunately, every now and then, the obvious needs to be stated and intelligence needs to be insulted. Which brings me to my first Public Service Announcement of 2008 — What is Phishing and how to avoid the bait. (Catchy, isn’t it!)

A while back I was discussing with some friends who in their right mind would click on a link from an unsolicited email or IM and willingly give their password, bank account info, or any private information for that matter. We came to the conclusion that most computer users would not fall for this type of thing, and that only people like my grandparents might be easily tricked given their lack of use and understanding. Turns out we were very wrong, because just today I had to deal with a phishing attack that fooled some users.

According to Wikipedia, for any who may not know:

“Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.”

So how will you know if you are being “phished” and how will you avoid it? I will sum it up into a few easy to understand and easy to practice points.

1. Don’t believe everything you read: Be suspicious, people! If you receive an unsolicited email asking for personal information…question if it is real. Is it personalized? Do you even have an account with them? Is the grammar correct? Does it sound too good to be true? Does it sound ominous? Chances are if you ask yourself these questions you will realize it is not legit. Companies will not randomly send you an email asking for your information.

2. Don’t follow links: So you got past number one, but think that the message may still be legit. You click on the link and it brings you to a site asking for information, but what do you do? Close your web browser. Yep, that’s right…close it. But hey, you thought it might be legit! OK, now open a new browser and manually browse to the site in question. This way you at least know that you are not at a replica site (I won’t get into DNS spoofing). If you want to change your password, do it here. If you want to check your account, do it here. If you want to call customer service, get the number from here. DO NOT click on the link and use that site to enter your information.

3. Secure it: In general, when you are logging into a site or entering sensitive information, make sure the site is secure. This means that the web address should have an https:// at the beginning instead of the usual http://. That little s makes a big difference because it means only the web server receiving the information can see it. Without the s, more people than you realize can and will look at your data.

I believe these three steps will help keep your information safe and system administrators happy…and what’s better than that!


4 Responses to “My first PSA for 2008”

  1. DMB411

    Great post, this makes a lot of sense.

    If not too much trouble, could you do a follow-up post about DNS Spoofing?

  2. your wife's LOVAH

    There was a website that actually provided a quiz of some sorts to see if you could spot the fraudulent site/e-mail. I’m embarrassed to say I only got 7 out of the 10 right.
    This isn’t the one I took, but it’s along the same lines.
    http://www.sonicwall.com/phishing/

    this was another one.. of course MS trying to pimp out their security software… but still info good to know.

    http://www.microsoft.com/smallbusiness/support/quiz/quizquestions.mspx

  3. oneilld

    Thanks for those links Carrie. The SonicWall site has some good examples of phishing emails and how to spot them so I recommend readers check it out.

    I like this question from the MS website:

    4. How can you prevent intruders from accessing your wireless network?
    A) Encrypt network traffic with WPA or WEP
    B) Restrict access to trusted MAC addresses
    C) Both

    The correct answer to the question, in theory anyways, is C, but in practice I would say they are all wrong. MAC Address filters may stop the average user from getting on your network, but anyone with tech background could bypass that in about 5 minutes. WEP isn’t much better, and could potentially be worse, given that there are utilities out there that can crack WEP in about 60 seconds.

    So if you really want to protect your wireless network use WPA. Maybe I’ll do a follow-up post on wireless security.


  1. DNS Spoofing explained « Techdulla
