
Sunday, June 26, 2005

Online Truth Part Three: Phishing

The word phishing may not be understood by the average person on the street, but if you use email you might want to understand it. The following is a good definition found on Wikipedia:
"In computing, phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack."

It goes like this. You receive an email that LOOKS very legitimate from a well-known company that you might normally do business with, like eBay. The email has very professional wording that sounds very convincing. It might say that your account will be closed if you do not take immediate action by clicking the link provided in the email. The link may look convincing like this: Google. I'll bet you thought you were going to Google, and if you didn't think you were going to Google you probably had no idea that 69.454153 would take you to the HOEI.COM main page. I will explain that numeric thing another day, but the point is that things are not always what they appear to be in an email or on a web site for that matter.

I have recently received phishing emails that appeared to be from eBay, PayPal, Wells Fargo, and others using similar tactics as described above. Most of the others were from people pretending to be representatives of some deceased foreigner, usually from Africa, with a ton of cash that needs to be claimed by someone in the USA. I was randomly chosen as the lucky person to help this representative free up the cash, and in return I will get a healthy percentage of the millions of dollars.

There are many people on the Internet who think you can hide from receiving these emails by obfuscating or masking your email address. For instance, they say you should display your email as hank DOT osborne AT hoei DOT com instead of hank.osborne@hoei.com when posting comments or building web pages. Hogwash! I have a huge problem with this approach. Not everyone who surfs the Internet knows what you are trying to say when you use the ATs and DOTs. Furthermore, even though I do understand, I don't want to have to convert a person's obfuscated email address into a real one just so I can send them a message. Yes, you might avoid having your email picked up by a bot or crawler, but you may also turn away some potentially valuable contacts.

Here are a few recommendations for how to deal with phishing and spam:

You can use a separate email address for all online transactions, posts, advertisements, etc. This will not guarantee that your friends, family, or other contacts are going to protect your address even if you ask them. For instance, your Mom may forget your privacy request and sign you up for some cool offer that she found on the Internet, not realizing that your email addresses are going to be sold on the open market as a result of her thoughtful gesture.

The bottom line is that if you use the Internet you are going to incur some level of risk. A little risk is okay, but you have to use a little bit of common sense. It is like driving a car. You could bar your doors like a race car and wear a helmet and fire-resistant clothing, but who would want to ride with you? Instead, use your seatbelts and door locks, and keep your car in good repair. Oh yeah, don't pick up strangers. This same level of caution should keep you in pretty good shape while using the Internet.

This message is also posted on The Tech Land of Ozz.
