The article provides some good advice. Unfortunately, it falls short in some areas. In particular, it focuses exclusively on Windows clients, and it doesn't emphasize enough or indicate the two most effective measures one can take to protect oneself from phishing:
1. Educate yourself on the sorts of things that can identify phishing for you. Yes, the article does some of this, but it doesn't emphasize the importance enough, or the fact that you should learn more about it than this article provides. Also, the article tends to focus on preventive tools, rather than old-fashioned eyeball-parsing examination of the emails themselves. Tools can be fooled: a well-educated, savvy user can be more difficult to deceive. In particular, viewing the source of HTML emails is typically very effective for providing information on phishing scams.
2. Less obviously, perhaps, but extremely effective, is the practice of using text-only email clients. These make it immediately obvious when someone's trying to use a phishing scam. For instance, earlier this morning I received an email purporting to be from paypal.com, complete with spoofed source address. The email was all HTML formatted, however, and the links on the page often used URLs that were not at paypal.com, giving away the scam rather quickly and easily. Viewing all email as plain text also ensures that simply opening the email will not cause it to infect your system, whereas markup interpretation by your mail client software often can cause an email macro virus or similar threat to be activated without doing anything more than viewing the email.
If you refuse to use a text-only email client, at least turn off the preview pane in your mail client so that emails aren't automatically opened when you highlight the email in your inbox. Make it difficult for any malicious activity in your inbox to occur in an automated fashion. This will also help cut down on spam, as off-site email embedded image links (and similar techniques) can also be used to confirm an active email address to which to send more spam.
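The source-view check described in the comment above can be scripted. This is an added example, not part of the comment or the article: it parses a constructed sample message and lists every link or remote image whose host is outside the domain claimed in the From header. The sample message, the `.example` hosts and the function names are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real phishing email); hosts are placeholders.
SAMPLE = """\
From: "PayPal" <service@paypal.com>
To: user@example.org
Subject: Please confirm your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/login</a>
<a href="https://www.paypal.com/help">Help</a>
<img src="http://tracker.example/open.gif?id=123">
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (tag, url) for every href/src attribute in the HTML source."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append((tag, value))

def host_in_domain(host, domain):
    # Exact match or a true subdomain; "paypal.com.evil.example" does not match.
    return host == domain or host.endswith("." + domain)

def suspicious_links(raw_message):
    """Return (tag, host) for each URL whose host is outside the From domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # plain-text message: nothing hidden behind markup
    parser = LinkCollector()
    parser.feed(body.get_content())
    hosts = [(tag, (urlsplit(url).hostname or "").lower()) for tag, url in parser.urls]
    return [(t, h) for t, h in hosts if h and not host_in_domain(h, sender_domain)]
```

A spoofed From address makes the comparison meaningful only as a mismatch signal: links that leave the claimed domain are a reason for suspicion, while matching links prove nothing about the sender.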
What a coincidence that I read this today, as my Ebay account was just temporarily disabled due to an unauthorized person selling under my name! That would explain the recent emails I have been receiving from people who were complaining about non-payment of Ebay items. As I read my warning email from Ebay, I realize that I always click on hyperlinks and also keep a preview pane open. Oops.
Log into my ebay. If the message shows up there under emails then it was sent by an ebay user; if not, delete it.
I feel the article was good in what it contained but it lacked mention of an important aspect of detection - the actual information it contains. Check things like
1. "who is it actually sent to" - often I get these Emails but they address a person that I have never heard of or a name I do not use.
2. "the official data" - things such as expiry date of the card - I have never seen a correct expiry date yet.
3. "Do you actually have an account there?" - the number of people I know that have followed these links who don't even have an account is unbelievable. I guess not much harm can happen, but it shows how stupid people can really be.
The other aspect is, if you have a connection, use the official link to go back to the company and NEVER the ones in the Email.
Add these points to what has already been said and we are starting to get closer to some real security.
The bottom line is "you have been given a brain", try using it in these things.
I am going over an email I received from PayPal.
Didn't realize the scams were so advanced. Any other info on DNS security? I am running SBS2003 and would like additional info on the DNS vulnerabilities.
Thanks again
at most 4/12 "steps" are relevant to the topic of "phishing" (with
at least one dangerous inaccuracy: phishing sites can use secure
connections just like everybody else) - the rest are general-
purpose malware advice, and completely inapplicable in
trying to "avoid phishing scams".
if you can't stay on topic, go write for playboy.
for home users:
use a different email than your main home email for BOTH ebay and paypal, and your bank, or anyone else important.
use the email for ebay, paypal, etc NOWHERE ELSE! and be sure the paypal one is different from the ebay one, as spammers will send to both.
if you ever get spam purporting to be from one of these, you'll know instantly that it is fake. you won't always know for sure if it is real but a lot more likely, then apply the article's rules.
you can get free email accounts on yahoo, google, hotmail or others.
I have a registered domain, with a catch all so I can make up a new one pretty quick. e.g. paypal@[mydomain.com] or ebay@mydomain.com
the other thing I do at home, use text only in eudora. don't think outlook supports this. that way horrid embedded scripts or jpeg flaws never affect me.
Remember ONE important fact. No website (whether bank, ebay, paypal or your local grocery store) that you do online business with will ever ask you to verify your username and password in an email. It won't happen. If you EVER get an email from anyone asking you to do this - it's a fake. Bin it. Simple.