Phishing scams explained
Since 08-19-04
From: Nick Bolton
Sent: Aug 18, 2004 10:45 PM
Subject: MailWasher - phishing scams explained
FIRETRUST NEWSLETTER
Hi, it's Nick Bolton from Firetrust.
Lately, we've had quite a few customers asking us about "phishing" - so I
thought I might take a couple of minutes to tell you what it is and how you can
protect yourself against it.
> Phishing
Phishing is a high-tech scam. The "phisher" uses spam or pop-up messages to
trick you into giving out sensitive information like your passwords, credit card
numbers, bank account information, or Social Security number.
Funnily enough, phishing is nothing new. It used to be known simply as identity
theft and the scammers usually did it over the telephone. The scammer would call
you up and pretend to be someone from the bank asking you to confirm your
account information, credit card numbers, PIN numbers, or passwords. Obviously
the scammer was limited by the amount of time it took to ring each person, so
identity theft never really took off until the advent of email spam and
websites, which made it much more profitable and therefore widespread.
Unfortunately, it is now an everyday occurrence.
Here's how phishing works:
The scammer uses spam to send the phishing messages. You'll receive an email or
pop-up message that looks like it's from a business or organization that you
deal with, for example:
your Internet service provider (ISP), e.g. AOL, MSN, Yahoo, and Earthlink
your bank, e.g. Citibank, Westpac
your online payment service, e.g. PayPal
a government agency
The message usually says that you need to “update” or “validate” your account
information, and there's usually a threat they will do something bad if you
don’t respond within a short period of time, like close your account or charge
you a fine.
So, you click on the link in the email and it takes you to a website that looks
just like the legitimate organization’s site, but it's a carefully constructed
fake. This fake site tricks you into entering your personal information. Using
this information, the scammer can then steal your identity and run up bills or
commit crimes in your name.
Phishing is becoming big business. In September 2003, the US Federal Trade
Commission reported that "9.9 million U.S. residents were victims of identity
theft during the previous year, costing businesses and financial institutions
$48 billion and consumers $5 billion in out-of-pocket expenses."
Phew, that's a lot of people and a lot of money!
The biggest phishing scam in history occurred in November 2003, when a PayPal
phishing message was sent to millions of people irrespective of whether they had
a PayPal account or not. The scammers knew that there would be enough people
with PayPal accounts to make it worthwhile for them.
So you probably want to know how to avoid phishing scams.
Change your attitude and behaviour towards suspicious emails and pop-up
messages. Become more vigilant. If in doubt, delete it. That's why MailWasher
has a 'Delete' box!
Carefully check the URLs (links to websites) within the email by using the
preview pane in MailWasher. They might be links to fake websites.
Even if it is from an institution that you use, like your bank or your ISP,
telephone them to confirm that they did indeed send out a message. If the
message asks you to enter confidential information about yourself, such as your
password or PIN number, it is almost certainly a scam. Institutions like these
almost never ask for such information over the Internet.
Don't give your account details to anyone without contacting them first by
telephone and making sure the email is legitimate.
Install security software. Nowadays, you need a firewall and an antivirus as
much as you need locks on your doors at home. You wouldn't go out leaving all
your doors open, would you?
Some phishing emails contain software that can track your activities on the
Internet without you knowing about it, so make sure you're screening your
incoming mail with up-to-date antivirus software. You need anti-virus software
that recognizes the latest threats as well as older ones; that can fix the
damage; and that updates automatically. These products are all good bets:
Panda - http://www.pandasoftware.com/
AVG - http://www.grisoft.com/
Kaspersky - http://www.kaspersky.com/
NOD32 - http://www.nod32.com/
Our own product, Benign, protects you even further by rewriting the content of
every incoming email and renaming or removing any suspicious attachments.
A firewall blocks all communications from unauthorized sources and helps make
you invisible on the Internet. A firewall is especially important if you have a
high-speed Internet connection. Hackers love to take over broadband machines
because then they can use them to spread spam even faster!
The best firewall I've come across is Agnitum's Outpost Pro. It's easy to use if
you're a beginner and if you're more advanced, it gives you lots of different
options. See http://www.agnitum.com/ for details.
Finally, make sure you keep up-to-date with Microsoft's patches. The latest
research shows that an unpatched Windows XP computer has a life expectancy of
less than 20 minutes before it is compromised. That's less time than it takes to
download the patches!
So check out Microsoft's Update page to make sure you're up-to-date.
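The link check advised above can also be done mechanically. The following is an added example, not part of the original newsletter or of any Firetrust product: it parses an HTML message body and flags links whose target is a numeric address, hides the real host behind an '@', or displays one address while pointing at another. The sample message, the .example host names and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; hosts are reserved example names and addresses.
SAMPLE_EMAIL = """<p>Please validate your account within 24 hours:
<a href="http://203.0.113.7/login">www.bank.example</a> or
<a href="http://www.bank.example@login.attacker.example/update">update now</a>.
Help: <a href="https://www.bank.example/help">www.bank.example/help</a></p>"""
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)        # buffer is reset at every <a> start tag
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL or of bare 'www.x/path' text, minus a leading 'www.'."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:                 # malformed URL: treat as having no host
        return ""
    return re.sub(r"^www\.", "", host)

def check_link(href, text):
    """Reasons a link deserves a second look; an empty list means none found."""
    reasons, host = [], host_of(href)
    if re.fullmatch(r"\d+(\.\d+){3}", host):
        reasons.append("raw-ip-host")         # dotted-quad IPv4 instead of a name
    if "@" in href.split("://", 1)[-1].split("/", 1)[0]:
        reasons.append("userinfo-in-url")     # the part before '@' is not the host
    if LOOKS_LIKE_URL.fullmatch(text) and host_of(text) != host:
        reasons.append("text-host-mismatch")  # shown address differs from target
    return reasons

def suspicious_links(html_body):
    """Return [(href, reasons)] for the http(s) links that raised a flag."""
    parser = LinkCollector()
    parser.feed(html_body)
    checked = [(h, check_link(h, t)) for h, t in parser.links if re.match(r"https?://", h, re.I)]
    return [(h, r) for h, r in checked if r]
```

A link that passes these three checks can still lead to a fake site, so the telephone confirmation described above remains the deciding step.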
--------------------------------------------------------------------------------
I hope you've found this newsletter helpful.
Thank you to all of you who send us your comments and suggestions. We enjoy
hearing from you - please keep in touch.
And feel free to forward this newsletter on to your friends and family. If you
have any questions about our products or the deals we offer, please contact us
by email at info@firetrust.com.
Nick Bolton and the team at Firetrust
www.firetrust.com