Defense Against Crime

05/10/2011

What you need to know about Phishing

In the sport of fishing, the fisherman drops bait that is disguised as a food source for the fish into the water. A fish sees it, and thinking that it is something they want or need, go to eat it, only to be snared by a hidden hook. Phishing employs the same methods and techniques. “Phishing” is a highly popular form of social engineering. Unlike other forms of cyber attacks, phishing does not take elaborate software, viruses, or hacking to get information from its victim. The bait of choice for these criminals is a tool readily available to nearly everyone with an internet connection your e-mail address. It is relatively easy to acquire a few hundred email accounts and trick people into giving away personal information. The user is given bait in the form of an e-mail from a seemingly legitimate source, such as a bank, Credit Card Company, sweepstakes, college bursar’s office, even the IRS. The goal is to trick the user into taking the bait and providing personal information by either requesting information or “verification” of identity and financial information. Usually financial related e-mails carry some dire warning to this or similar effect: “If we do not receive verification of your information within 24 hours, your account will be suspended and your funds unavailable to you”

Getting you to take the Bait

Most of the time, the e-mail contains a hyperlink to fraudulent, but very legitimate-looking web site, complete with official logos and even official content. The page features an authenticate-looking fill-in -, which asks you to supply personal information such as your name, address, phone number, Social Security Number, ATM PIN, credit card account numbers, bank account numbers, and driver’s licenses number. They are looking for information that will allow them to either access your accounts to clean you out or information they can use to steal your identity. Many people in the internet age are so conditioned to respond quickly to “official” request and to fill in “official: forms, that without thinking we give up this information.

Who are these Phishers?

Phishers pretend to be trusted sources, and often prey on older people. Many pretend they are your bank or website like Facebook or PayPal, and ask for you to input passwords or other info to solve a potential problem. Others Phishers may pretend to be people you know (sometimes through hijacked email addresses) or try to prey on your family using information about you publicly viewable on social networks, like LinkedIn, Facebook, or Google+. People have been scammed on Facebook by people pretending to be their friends or relatives.

There’s no software cure for phishing. If there was device to prevent people from being fooled, it would be a best seller. Computer users, simply have to stay educated and aware of these scams. They need to critically and carefully read emails before clicking links or giving out information. Here’s a few brief tips to keep yourself safe from phishers.

  • Don’t open emails from suspicious addresses or people you don’t know. Email isn’t really a safe place to meet new people!
  • You may have friends that have email addresses that are compromised, and you may get phishing emails from them. If they send you anything weird, or aren’t acting like themselves, you may want to ask them (in person) if they’ve been hacked.
  • Don’t click links in emails if you’re suspicious. Ever.
  • If you end up on a website, you can generally tell who it is by checking the certificate or looking at the URL. (Paypal, above, is genuine. The IRS, at the lead of this section, is fraudulent.)
  • NO BANK, GOVERNMENT AGENCY, UNIVERSITY, OR OTHER BUSINESS will ever send you an unsolicited e-mail request for identifying information. Certainly, no legitimate organization will ask for PIN or passwords.

Detecting the Phish: The URL

Most Of the fake web pages direct you to an unofficial URL. You can Google the IRS and see that their web page address (URL) is http://www.irs.gov


  • Look at this URL. It seems unlikely that the IRS would be parking a website on a URL like this.


  • An authentic website may provide a security certificate, like PayPal.com does. The IRS does not, but US government websites almost always have a .GOV top-level domain instead of .COM or .ORG. It’s very unlikely that phishers will be able to buy a .GOV domain.
  • If you think your bank or other secure service may need information from you, or you need to update your account, do not click the links in your emails. Instead, type in the official URL and visit the site in question normally. This guarantees you won’t be redirected to a dangerous, fraudulent website, and you can check to see if you have the same notice when you log in.
  • You should always verify via telephone using the phone numbers on the official site, if this is a legitimate request. NO NOT USE the phone numbers of the suspected scam site.
  • Never, ever give out personal information like credit card or debit card numbers, email addresses, phone numbers, names, addresses or social security numbers unless you’re absolutely sure you trust that person enough to share that information.
  • If you want to have some fun: Put a boot on their phish hook.

SEE ALSO

PepperEyes.com is dedicated to providing you with the best and most affordable personal protection products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for yourself, your home or your business, purchase our high quality discount personal protection products and arm yourself with the knowledge of the best way to stay secure in an ever-increasing violent world. In today’s society being equipped mentally and physically is no longer an option.     –by Victor Swindell

Advertisements

1 Comment

  1. You made some decent factors there. I looked on the internet for the problem and located most people will go together with along with your website.

    Like

    Comment by telefon komórkowy dla seniora — 28/10/2011 @ 1:20 PM


RSS feed for comments on this post.

Blog at WordPress.com.

%d bloggers like this: