Tuesday, December 07, 2004

Gone Phishing

I got an email today that bugged me. It’s not the first time I got one of these, and I suspect it won’t be the last. It’s someone out there on the web goin’ phishin’.

Now, you’ll notice that I didn’t spell that “fishing”. The newer spelling refers to someone out dangling electronic bait in my face, hoping I’ll bite and give them some of my personal information. Here’s what these emails are like:

They usually start out by establishing their credibility. They’ll look like they’re from some institution (often financial, but it could be your ISP, or eBay, or anyone else you deal with). I’ve gotten ones where the phishers even mimicked the company logo and web address.

Then they tell you there’s something wrong with your account. Sometimes they’re spoofing a general sweep, as if the company were updating its databases, or even claiming there’s been an error and they need to reconstruct their information. They tell you that to keep your account active, you have to fill in some vital information to “verify” it.

That “verification” can happen either via email, by replying to the phishing message, or by going to a website and filling in the information. Both are usually bogus.

Once you, thinking you’re preserving your account, fill in the information, it’s captured and the phisher walks off with your info. Then they can send out spam from your ISP account, steal money from your PayPal account, post fraudulent auctions from your eBay account, or just have the weekend of their lives with your credit card.

The single biggest thing you can do to protect yourself is to not reply. If there’s concern, or if you think it might well be legitimate, call or email the company being represented directly and ask if the concern is valid. Don’t make any contact through the email itself. Go directly to their .com website, rather than following a link in the email. Look up their toll-free number. Get confirmation before you respond.

Many virus protection programs can screen out a lot of these phishing lines, so running a good filter or firewall is valuable.

For more information on how to protect yourself, look up this article from the FTC’s website. Or for more background, this article about the history of phishing on Wikipedia.
