Monday, November 28, 2005

Phishing

Slashdot is carrying an interesting story this afternoon about Phishing ("Phishermen" send emails that seem to come from legit companies, asking for personal information). The article claims that only 4% of internet users can detect a Phishing scam all the time. This is PITIFUL. It really isn't that hard, so I am going to make a couple of suggestions:

1.) Watch for things out of the ordinary! Never give excessive personal information without reason. Why would a bank where you don't have an account need personal info? Why would Amazon need your SSN?

2.) Watch out for links that don't point where they should. Phishing works by fooling you into visiting a 3rd party website, so some of the links will be wrong. Look for addresses not from the correct domain (like ebay.com). You can often tell where a link points by holding your mouse over it and looking in the status bar (every email client & web browser is different).

3.) Watch for typos. When was the last time a real company had lots of spelling errors in a publication?

When you do find a phishing attempt, forward it to the company it claims to be from so they can warn people (most online companies have an address for this purpose).

You can find the original articles here:
http://www.internetnews.com/security/article.php/3566071
And here:
http://it.slashdot.org/it/05/11/28/2239217.shtml?tid=172&tid=218

Well, I am typing this on a handheld, so enough ranting for now.


12/29/05 4:14 PM EST: Edited to make the links clickable
