Phishing (pronounced like fishing) has become more common in recent years. I'm sure many of you have received a phishing email but just didn't realize what to call it.
If you've received an email from eBay, PayPal or a bank (yours or not) telling you that you needed to log in and re-verify your username and password or to apply some new security feature (with dire consequences if you didn't), then you've received a phishing email. These emails are doing just that: fishing for information.
Phishing is an attempt to steal your information (username, password) and possibly even your money. I personally know some people who were tricked this way when the emails first started appearing. Most of the original phishing emails were directed at PayPal and eBay. But, once the thieves saw that they could trick people into giving away their information so easily, they quickly turned to banks.
What can you do?
Two things.
First, NEVER follow the link in a phishing email, even if you just want to go to the site and enter some bogus info to show that you're not falling for their trick. Some of these fake websites have been reported to automatically install spyware (which can capture what you are typing on your keyboard), allowing the thieves to steal your information even though you didn't willingly give it to them.
Second, forward the email to the real company that the thieves are pretending to represent. For instance, a PayPal phishing email should be forwarded to spoof@paypal.com. eBay also uses a spoof account for collecting these fraudulent emails. Some banks have their own address, but when I can't find one, I usually just forward it to abuse@thebanksname.
By reporting the frauds, you are keeping other innocent users from falling into the thieves' trap. The sooner the legitimate company knows about the scam, the sooner they can start working on getting the web site shut down.
Following these simple rules with phishing emails can help keep your information and money (as well as everyone else's) safe.
Feel free to comment.
2 comments:
Hi, just came across your blog. Great stuff! Got some questions...how can you tell if this spyware is being automatically downloaded? Is there a way to stop it? And if you already have it on your computer, is there a way to tell?
Well, depending on the size of the download, it could happen in a few seconds. As for stopping it, you only have a few seconds to stop the complete download, so the chances of doing that are pretty slim.
Once infected, the only possible way to remove it is with software designed to do that. I usually turn to Spybot Search & Destroy to scan for spyware and adware.
You can download Spybot for free at http://www.safer-networking.org/en/download/
Unfortunately, I can't seem to get the site right now.