My first PSA for 2008
Hopefully after reading this post you will not gain any knowledge, having already read the below many times so that it is second nature. Hopefully you have told others about what I am about to write. Hopefully you have been practicing what I am about to preach for quite some time. I say all of this because nothing that I am about to write should be new to you, or anyone who has been using a computer in the past 5 years. Unfortunately, every now and then, the obvious needs to be stated and intelligence needs to be insulted. Which brings me to my first Public Service Announcement of 2008 — What is Phishing and how to avoid the bait. (Catchy, isn’t it!)
A while back I was discussing with some friends about who in their right mind would click on a link from an unsolicited email or IM and willingly give their password, bank account info, or any private information for that matter. We came to the conclusion that most computer users would not fall for this type of thing, and that only people like my grandparents might be easily tricked given their lack of use and understanding. Turns out we were very wrong, because just today I had to deal with a phishing attack that fooled some users.
According to Wikipedia, for any who may not know:
“Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.”
So how will you know if you are being “phished” and how will you avoid it? I will sum it up into a few easy to understand and easy to practice points.
1. Don’t believe everything you read: Be suspicious, people! If you receive an unsolicited email asking for personal information, question whether it is real. Is it personalized? Do you even have an account with them? Is the grammar correct? Does it sound too good to be true? Does it sound ominous? Chances are, if you ask yourself these questions you will realize it is not legit. Companies will not randomly send you an email asking for your information.
2. Don’t follow links: So you got past number one, but think the message may still be legit. You click on the link and it brings you to a site asking for information. What do you do? Close your web browser. Yep, that’s right: close it. But hey, you thought it might be legit! OK, now open a new browser and manually browse to the site in question. This way you at least know that you are not at a replica site (I won’t get into DNS spoofing). If you want to change your password, do it here. If you want to check your account, do it here. If you want to call customer service, get the number from here. DO NOT click on the link and use that site to enter your information.
3. Secure it: In general, when you are logging into a site or entering sensitive information, make sure the site is secure. This means the web address should begin with https:// instead of the usual http://. That little s makes a big difference, because it means the connection is encrypted and only the web server receiving the information can read it. Without the s, more people than you realize can and will look at your data.
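The checks in points 2 and 3 can be written down as a small script. This is an added example, not part of the original post: it takes a link from a message and the site you actually have an account with, and reports whether the link is missing the “s” or points somewhere other than that site (or one of its subdomains). The sample links and the .example hosts are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample links of the kind a suspicious message might carry.
# The look-alike hosts are hypothetical and use the reserved .example TLD.
SAMPLE_LINKS = [
    "https://www.paypal.com/account/verify",
    "http://www.paypal.com/account/verify",
    "https://www.paypal.com.account-verify.example/login",
    "https://paypa1-secure.example/login",
]


def expected_site(host, expected_domain):
    """True if host is the expected domain itself or a subdomain of it.

    A host that merely *contains* the expected name (paypal.com.evil.example)
    does not qualify, which is exactly the trick a replica site relies on.
    """
    host = host.lower().rstrip(".")
    expected_domain = expected_domain.lower().rstrip(".")
    return host == expected_domain or host.endswith("." + expected_domain)


def check_link(url, expected_domain):
    """Apply the post's two rules to a link.

    Returns a list of reasons the link is suspicious; an empty list means
    it is https and really goes to the site you expect.
    """
    parsed = urlparse(url)
    reasons = []
    if parsed.scheme != "https":
        reasons.append("not https (the 's' is missing)")
    # .hostname drops the port and any user:password@ prefix, so we compare
    # only the real host the browser would connect to.
    host = parsed.hostname or ""
    if not expected_site(host, expected_domain):
        reasons.append(f"host {host!r} is not {expected_domain!r} or a subdomain of it")
    return reasons


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        problems = check_link(link, "paypal.com")
        verdict = "looks like the real site" if not problems else "; ".join(problems)
        print(f"{link} -> {verdict}")
```

A passing result only means the address is what it claims to be; typing the address yourself, as the post advises, still avoids the question entirely.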
I believe these three steps will help keep your information safe and system administrators happy…and what’s better than that!