What is phishing?
The term phishing was coined by hackers who were ‘fishing’ for user names and passwords during the AOL days. It is a technique hackers use to collect personal information from unsuspecting users.
What can go wrong? Why should I be worried about phishing?
Here is the deal. Let's say someone creates a fake banking website and lures you into entering your login and password. Or let's say he makes you enter your SSN and other personal details. He will collect this information and silently log it in his database. With this information, he can do whatever he wants. He can log into your account and transfer the money to his account. Even if you don’t have money, he can open a new account, get a car loan and buy a Porsche :D All this time you will be clueless about what is happening, until one day you suddenly get a big lawsuit, and only then will you realize that you have been phished.
If this is true, what can I do to prevent it?
Be careful. That’s right, you have to be a little careful while entering any information on any website, especially banking websites.
Let me dive into details
Whenever you visit a banking website, or any site that asks you for a credit card, look for the following:
1. Make sure that the URL is secure, i.e. it starts with https://
2. Make sure that the secure (lock) icon appears at the bottom of the Internet Explorer window.
3. Double-click the lock and make sure that the certificate is valid:
a. The name it was issued to matches the URL you are viewing
b. The date is still valid
c. You trust the issuer (optional)
d. Internet Explorer doesn’t complain about the certificate
4. Another thing to check: right-click on the page, click Properties on the popup menu, and make sure the URL shown matches that of the certificate. This is especially useful when entering information in a popup window.
5. Be careful about the credibility of the site itself, and make sure you know that it is trustworthy.
6. NEVER TRUST a URL that comes from any email (even if it’s from your trusted friend). A lot of viruses can easily forge the email headers to make a message look like it came from your friend when it actually came from a hacker.
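Checks 1, 3a and 3b from the list above, written out as code. This is an added example, not part of the original post: the certificate is a constructed sample in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the host names, dates and the helper names `name_matches` and `check_page` are made up for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample certificate (names and dates are made up), in the
# dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.examplebank.test"),
                       ("DNS", "*.examplebank.test")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}

def name_matches(pattern, host):
    """Compare one certificate DNS name with the host; '*' covers one label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_page(url, cert, now):
    """Return the problems found for steps 1, 3a and 3b; an empty list means all passed."""
    problems = []
    parts = urlsplit(url)
    # Step 1: the URL must start with https://
    if parts.scheme != "https":
        problems.append("URL does not start with https://")
    # Step 3a: the name the certificate was issued to must match the URL's host
    host = parts.hostname or ""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("certificate name does not match " + host)
    # Step 3b: the current time must fall inside the validity period
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("certificate date is not valid")
    return problems
```

On a live connection, a context from `ssl.create_default_context()` performs these checks, plus the issuer check in 3c, during the TLS handshake.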
Go through the following two articles. I highly recommend that you go through both of them. They will help you identify fraudulent emails.
Phishing Basics. Part 1: http://www.microsoft.com/athome/security/quiz/phishingbasics1.mspx
Phishing Basics. Part II: http://www.mailfrontier.com/forms/msft_iq_test.html
Don’t think that you know everything about phishing. You know nothing until you take the above quiz.
