Phishing is a confidence trick. It involves sending a fraudulent email, supposedly from an organisation that might have access to your financial details. The email asks for confirmation of account details, often forwarding you to a convincing-looking web site to harvest your details. It’s very easy to copy logos and design from an original site, making the fake look very convincing indeed.
Phishing attempts generally come as a variation on this theme, but they have evolved over time so that the fake sites and emails look more and more genuine. Some phish sites even include the antiphishing information that you’d expect to find in the genuine article. Remember that the URL displayed for a hyperlink may not be the actual resource that it points to. It’s even possible to mask the address displayed in a browser address bar, although many fraudsters simply use a very similar domain name to the one they want to copy.
It’s very easy to fall prey to a phishing attempt and personal vigilance is your only real protection. Some internet security suites include antiphishing components, which often work by referring to a list of known fraudulent emails. This is a similar approach to that used to detect viruses, spyware and spam, but it does have its limitations. Be wary of lulling yourself into a false sense of security if you use this kind of protection. There’s no substitute for good old human scepticism.
Avoid emails that include forms in the body of the message, as it’s difficult to verify where the data will be sent to. It helps to avoid HTML email completely or make use of the picture blocking feature in the latest versions of Outlook, Outlook Express and Windows Mail. To turn off HTML email in Outlook Express or Windows Mail, choose Tools, Options, Read and put a tick in the box marked Read all messages in plain text. To do the same in Outlook, select Tools, Options, Preferences, Email Options, and tick Read all standard mail in plain text.
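Both warning signs described above, a link whose displayed URL differs from its real target and a form embedded in the message body, can be checked mechanically. The following is an added example, not part of the original article: it parses an HTML message body with Python's standard library and reports both. The names `audit`, `EmailLinkAudit` and `_host` are this example's own, and the sample message and its hosts are constructed.

```python
# Added illustration; the function and class names are this example's own.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _host(text):
    """Hostname if text is a single URL-like token, else None."""
    token = text.strip()
    if len(token.split()) != 1 or not re.match(r"(?i)(https?://|www\.)", token):
        return None
    if "://" not in token:
        token = "http://" + token
    try:
        return urlsplit(token).hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None

class EmailLinkAudit(HTMLParser):
    """Flags forms, and links whose visible text names a different host than href."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "form":  # typed data goes wherever 'action' points
            self.findings.append(("form", attrs.get("action") or "(no action)"))
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown, actual = _host("".join(self._text)), _host(self._href)
            if shown and actual and shown != actual:
                self.findings.append(("mismatch", shown, actual))
            self._href = None

def audit(html_body):
    parser = EmailLinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings

# Constructed sample body; every host is a reserved example name.
SAMPLE = """<p>Confirm at <a href="http://bank.example.net/login">www.bank.example.com</a>
or read <a href="http://www.bank.example.com/help">www.bank.example.com</a>.</p>
<form action="http://collect.example.org/submit"><input name="pin"></form>"""
print(audit(SAMPLE))
```

This only catches a link whose visible text is itself a URL pointing somewhere else. A lookalike domain that is used consistently in both the text and the target passes the check, so it does not replace reading the address yourself.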
There are dishonest people about. It’s much easier to lie convincingly by email when you don’t have to look someone else in the eye. Keep a healthy distrust of correspondence received this way.
Is my mail genuine?
Few financial organisations send email. Here’s how to spot a fraudulent one.

1. When you receive an email, remember that the sender information may be fake, as could any URLs quoted in the mail. Be particularly suspicious if there is a note of urgency in the email or a threat to close your account. Never follow links in commercial email that you suspect.

2. Head to www.millersmiles.co.uk. This is a site that indexes recent phishing scams. You can look for your mail here or subscribe to the RSS feeds to stay up to date with the latest warnings. You can also report suspected phishing attempts here.

3. Some commercial sites provide information and help for people who have received phishing emails. eBay provides a tutorial at http://pages.ebay.co.uk/education/spooftutorial/ and it provides a service for reporting phishing attempts. Other companies have similar services. Type the URL for the site you want to check directly into the address bar.

