Laptops Desktops Monitors & LCDs Graphics Cards Handhelds Phones Software Networks Printers More »
search
AnchorDesk

Robert Vamosi
When crooks go a-phishing, don't bite

Robert Vamosi
Senior Editor, Reviews
Monday, September 29, 2003
TalkBack!Add your opinion
The old adage that you can't always believe everything you read holds especially true when it comes to e-mail. From Viagra spam to viruses sent by acquaintances, you can't take every piece of e-mail you receive at face value.

New Norton AntiVirus
Norton's just released the 2004 version of its immensely popular antivirus app. Our reviewers say it's a good choice for first timers, but not enough of an improvment to warrant upgrading from NAV 2003.
The latest case in point: I recently received an e-mail that appeared to be from eBay, the online auction house. The message informed me that the company was updating its customer database and that it'd been a long time since I visited them. Could I please update some of the personal information attached to my account? Soon after that, I got a similar solicitation from PayPal.

Small problem: I've never used eBay or PayPal.

CURIOUS, I checked out the eBay link and was taken to a site with the familiar eBay colors and graphics. It was convincing for a moment. Then I noticed that the URL was in no way related to the eBay domain. Also, the information requested on the site--Social Security number, mother's maiden name, driver's license number--was stuff no sensible person would divulge online without asking a lot of questions first. I knew then that I was the victim of a "phishing" expedition.

The term "phishing" is relatively new, but is becoming widely known thanks to several recent scams involving America Online, eBay, PayPal, Amazon, and others. Phishers send out e-mails like the ones I received, hoping to fool regular users of these services into divulging personal details. Those details can then be used to perpetrate identity theft. Unfortunately, enough people fall for the scam, so we keep seeing these e-mails.

Even if you don't supply the information, simply loading the phony Web form can be dangerous. These sites may surreptitiously download spyware and adware onto your computer. Or, worse, the page may contain malicious scripts that could damage your system.

Like Swen, the e-mail virus that hopes to lure you into clicking on its attached file, phishing scams prey on the ease of e-mail. But just as we've learned not to open files attached to unsolicited e-mails, we should now avoid following links embedded within such messages--or, at the very least, be extremely cautious about it.

SO, the next time you get an e-mail from someone you don't know and it contains an embedded link, let your mouse hover over the link before you click on it. If the link text reads "www.legitcompany.com," but you see "www.fraudcompany.com" on the status line, you'll know not to click.

Unfortunately, it's not always so cut-and-dried. Malicious users can spoof addresses so the URL on the status line looks legit, yet really points somewhere else entirely. If you do click on such links, hit the Back or Home button on your browser immediately. You may be able to prevent something from being transferred to your PC.

All this isn't to say we should abandon e-mail. Not at all. It's just that we all need to be more suspicious of our e-mail, instant messages, and pop-up solicitations. The Internet has passed through its age of innocence and moved onto horseplay and malicious pranks. Can maturity be very far ahead?

Have you ever received an e-mail solicitation asking you for personal information? Tell me about it--TalkBack to me below.

Note to TalkBack users: We upgraded TalkBack last Friday. This means you will need to register in the new system, if you haven't already. The TalkBack username and password you used before Friday will not work anymore. We apologize for the inconvenience.

Previous Story  Next Story 

Special sponsor stores

Virtualization

advertisement
Click Here