MENU

INTRODUCTION GEEK SPEAK CONTROL VIRUSES DEAL WITH SPYWARE AVOID PHISHING SCAMS MAILBOXES FOR SPAM PATCHES AND UPDATES FIREWALLS DEMYSTIFIED SHOP ONLINE SAFELY AVOID HACKERS BACK UP YOUR DATA TEST YOUR KNOWLEDGE ABOUT WRITER FEEDBACK

LINKS TO MORE INFO

CERT HOME USER GUIDE MS SECURITY BASIC MS SECURITY ADVANCED MORE SECURITY BASICS BUSTING HOAXES PROTECT RIGHTS ONLINE GUIDE TO RAID HOW FIREWALLS WORK ADVANCED TOPICS

AVOID PHISHING SCAMS

"Ebay is closing your account due to abusive activity. Click HERE to update your information."

No matter how convincing, no reputable company should be asking you to update your personal information by clicking HERE. They may instruct you to login into you bank website or to go to paypal.com or ebay.com and sign in and correct something, but they only provide a direct link to fix a problem by giving you some additional details about your account that only you and they should know. This has its own set of security risks.

For example, Microsoft sent me a valid email that looked like a phishing email the other day. Becuase they had my name, address, and the last four digits of my credit card number, they met the challenge of authenticating their email as legit. Nevertheless, I didn't follow the link because it's a bad practice, and I try to do as I recommend to others. But the lingering question I have is this: what happens if this plaintext email, or the millions others sent out by companies, are intercepted and read by these phishing scam artists? The next era of phishing scams will be highly successful if and when someone with malicious intent and a little networking skill starts looking for these emails. Don't automatically trust any email that makes a request of you, no matter how convincing.

Some of the fakes, after all, are very convincing. Address spoofing (GS) is initially convincing unless you already understand how easy it is to do and read this type of email with a suspicious eye. Citibank was one of the first hit hard by this scam back in 2000. The scam has proliferated to eBay, Paypal, various financial institutions both known and obscure, but the target for the scam has remained constant - get the user to provide his login or otherwise share personal information through a spoofed (GS) site via a phoney email link. It may not just say CLICK HERE - it may look like a full link. But that's not always the site it will take you to. If you accidentally follow one of these, know three things:

1. Check the address bar to see if you are at the site you expected.
   Site name long and confusing? If you can't find where you are easily,
   you should close your browser immediately. And if you have other windows
   open, close them, too. Why?


2. Because new exploits (GS) are often sent through these links. If your
   machine is not completely up-to-date with the latest patches for your
   browser and operating systems, you could have a problem. Patch immediately
   if this happens to you.


3. According to callforaction.org, the latest scam is to use a real link to
   the company being spoofed. Once at the site, a pop-up window asks for your
   information. That information is then sent to the criminals.