
2007-09-19 04:51:51 · 5 answers · asked by cherandcam 1 in Computers & Internet Security

5 answers

Don't click on anything that you are uncertain of. Change your password often.

2007-09-19 04:59:04 · answer #1 · answered by bonstermonster20 6 · 0 1

Get the free Windows Live Toolbar:
http://toolbar.live.com/
Be sure and activate the phishing filter on it.

Enjoy!

2007-09-19 05:00:39 · answer #2 · answered by Anonymous · 0 1

Hey, I did a whole week long series on Phishing and how to protect yourself from it on my blog. Check it out: http://www.mybsod.com/2007/08/13/phish-week-a-less-intimidating-version-of-shark-week/

You should find plenty of information to answer your question.

2007-09-19 05:37:54 · answer #3 · answered by Tyler R 1 · 0 1

Are you asking how to recognize or prevent it?
Or are you trying to find ideas to improve on them
for your own evil purposes? ;)

Seriously, though, for those who may not know: "phishing", typically, is an e-mail sent to the unwary indicating that his/her bank account or ebay acct or Paypal acct, etc, had a breach of security, and they must call a phone number or click on a link in that e-mail to rectify the situation. That phone number or link goes to a phony person or website, which may look (or sound) like the real thing, but, when you enter your user ID and password, you may find all your money gone the next minute. The word "phishing" doesn't stand for anything; it is just a derivation of the word "fishing", as in somebody "fishing" (or trolling) for your information (it is considered "spam", which is also a meaningless word).

Fortunately, there are many ways to detect a phishing scheme.

1) The e-mail does not mention you by name or by your account number. That's because it was "spammed" or sent to many people, and their addresses have been hidden by the "BCC" (Blind Carbon Copy) e-mail address entry that you may have seen when you write an e-mail. As such, you should delete the e-mail immediately.

2) The bank (or whatever) may have nothing to do with you! In other words, if it's from the "Bank of Outer Mongolia", and you do not have an account with them, then delete the e-mail! (why would you care about something for which you don't even have an account?)

3) As a matter of security policy, no legitimate bank would send such an e-mail. What should you do about it? Delete it!

4) If the phish/spam happens to be from a bank that you actually have, then you may need to look at it (don't worry; opening such e-mails will not corrupt your computer in any way, especially if you have an up-to-date anti-virus program, which 95% of computer users do; besides, it's not the "phishers'" goal to kill your computer). As you read it, ask yourself this: Does that e-mail match anything listed, above? If so, then delete it (at this point, I'll bet you figured that out on your own!). But, if it doesn't match the above items, and if it includes a phone number and/or link, DO NOT USE THEM!!! Instead, call your bank using the number on your bank card and/or from the phone book, or use the website that the bank told you about, and ask them about the letter; 99.9% of the time it will turn out to be a phony (they'll probably say something like, "We don't send e-mails like that").

5) If you need more convincing that it's phony, position (but don't click) your mouse over the link that most phishing e-mails have. Using the above as an example, the link may appear to read "http://www.bankofmongolia.com", which may be perfectly legitimate, but when you look at your browser's "status" bar (usually at the bottom of that window), it will display something like, "http://123.45.678/security/bankofmongolia.com" or "http://securitydivision_protection/bankofmongolia.com", etc, etc, etc. That strange-looking address is where you are going to be taken; it's phony. No legitimate bank (or whatever) has a link that's different from what you can see in the e-mail. However, sooner or later, the phishers are going to get wise to that, and make it look as legit as possible. But, again, why would you fall for it, when all you have to do is phone your bank (per the instructions, above) and find out what the deal is?

6) Some e-mail software or web-based e-mail systems have built-in "spam" detectors, but, at least in my case, they are rarely caught because the incoming (sender's) e-mail address appears to be legit. If your e-mail system has a "view source" or "see all headers" link or option, then click on it. You'll see lots of strange things, but if you look at the ".com" (or similar) domain names that are listed, you may see that they come from completely different domains (e.g., instead of "bankofmongolia.com", it says "internic.com" or "business.ng" or similar). It's a little more complicated than I've indicated, but I think you get the idea.

7) People have a tendency to "panic" when they get such an e-mail and fall for it, especially when they read it in the evening or weekend or holiday, when most banks (or whatever) are closed. They figure that if they don't respond immediately, that their life savings will be lost. Well, think about it for a second: if it's after hours, then the bank won't be doing any business, right? So, at the very least, you're safe until it opens on the next business day. What are ya gonna do then? CALL OR VISIT THEM per the instructions, above!!!

8) Some "phishing" schemes prey on people's greed. They say something like, "We made a $10,000 error in your favor and need to fix it. Click on the link, below, to remove it from your acct." Assuming you have $10,000 in your account, and you foolishly click on the link, and enter all your info, guess where it's going to be removed to? If someone says to you, "We've just given you some money that you didn't ask for", then that's THEIR problem, not yours! I guarantee that when you call the legit bank's legit phone number, that you'll find no such money in your account. The more common scheme reads, "We'll give you $1,000,000 if you give us the "$1,000" we need to "free" the $999,999,999 account in Outer Mongolia". Hey, the risk is worth the thousand dollars, right? (I hope you didn't say, "Yeah!")

9) Here's what it boils down to: As with everything else in life, if you don't recognize the person who sent you the e-mail, or if it makes an offer that's too good to be true, or if it asks for your "assistance" or security info in any way, shape, or form, no matter how serious or innocuous it seems, then just DELETE it (you knew I was going to say that, right? Then you're more clever than I thought!). ;)

BTW, in case you're wondering, it takes only a few victims to make it worthwhile for "phishers", some of whom are kids and some aren't even based in the same country as you! The few who get caught face imprisonment in the US, but those from other countries, especially Asia and Africa, risk a death sentence for perpetrating fraud! Kinda makes you wonder how dumb the phishers are, huh? (but how dumb are the thousands that fall for the phisher's scheme?)

Finally, if, after all the above, you STILL suspect that such e-mails might be legit, then, can I interest you in the purchase of a small bridge in Brooklyn? ;)

2007-09-19 05:47:42 · answer #4 · answered by skaizun 6 · 0 1

RgGuard. It's free.

2007-09-20 16:23:08 · answer #5 · answered by alnjk 4 · 0 0
