June 14, 2004
Eileen got a spoof email from someone claiming to be Citibank today. She is a smart woman, though: she checked through the real Citibank website instead of using the link in the spoofed email. Phishing is on the rise and there are still people out there who are ignorant of the fact that clicking stuff in email is the worst thing you can do -- especially when it comes to emails that purport to collect or update personal information.
My co-worker's wife fell for one of these phishing schemes. She received an email that had eBay's logo on it and looked just like an authentic eBay email. It was very hard to tell that it was not from eBay. My co-worker does a lot of business on eBay during his weekends and he gets a lot of email from eBay. His wife helps him out with the clerical issues. So, to her, getting an email from eBay is not something out of the ordinary. Embedded in the email from the phisher was a form that asked for some really personal information: full name, birthday, social security number, credit card number, ATM card number, ATM PIN number, and mother's maiden name. I flipped out when I heard that his wife actually filled out all the information! She is a prime example of the ignorance that phishers are looking for. It's not like she is a stupid woman; it is just that she did not know that this sort of stuff is going around -- basic ignorance. She has a high trust in the company that they do business with, and with an official-looking email, the phisher took advantage of this trust. Some call this social engineering.
Here are some tips to avoid getting taken by a phishing scam:
- Don't click anything in an email requesting personal information. URLs are easily spoofed, especially if hidden behind an embedded .gif or .jpg.
- If you do think that it is legitimate, go directly to the website that you usually go to. If the email claims to be from Citibank, then launch your browser manually and type in www.citi.com to go to the website.
- Call the institution directly if you are very suspicious. For credit cards the toll free numbers are listed on the back of the card.
- Just remember that any upstanding financial institution or business will never ask for your personal information through email, so if they ask you to reply with personal information via email: Don't do it.
- And just to stress: people can create some very authentic-looking websites and put them on URLs that look pretty close to the real thing, or even hide the fake URL behind a frame in the window. So, go direct to any website manually; don't use any embedded links.
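To make the tips above concrete, here is an added example (not part of the original post) that scans the HTML body of an email for the tricks described: a link whose visible text names one site while the real target is another, a link hidden behind an image, and a form embedded in the message. The sample body and the hosts citi.example.net and 192.0.2.10 are constructed placeholders, and the two-label domain comparison is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; citi.example.net and 192.0.2.10 are placeholders.
SAMPLE = """<a href="http://citi.example.net/update">www.citi.com</a>
<a href="http://192.0.2.10/login"><img src="logo.gif"></a>
<form action="http://192.0.2.10/collect"><input name="ssn"></form>"""

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def site(host):  # assumption: last two labels identify the site (wrong for .co.uk)
    return ".".join(host.lower().split(".")[-2:])

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text, self._img = [], None, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text, self._img = a["href"], [], False
        elif tag == "img" and self._href:
            self._img = True  # a picture is standing in for the link text
        elif tag == "form":   # legitimate mail rarely embeds a data-entry form
            self.findings.append(("form-in-email", a.get("action") or ""))

    def handle_data(self, data):
        if self._href:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or not self._href:
            return
        host = urlsplit(self._href).hostname or ""
        text = "".join(self._text).strip()
        shown = DOMAIN_RE.search(text)  # does the visible text name a site?
        if shown and site(shown.group(1)) != site(host):
            self.findings.append(("text-host-mismatch", self._href))
        elif self._img and not text:
            self.findings.append(("image-only-link", self._href))
        self._href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A clean result from `audit()` does not make a message safe; it only means none of these three patterns were present, so the advice to type the address yourself still applies.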
Save yourself some headache, time, and money. Be smart about where you go on the web; it is not as safe as most people believe. And email is not as secure either -- it is probably the most insecure thing around; any email address can be forged without much knowledge of how to do it. And don't get comfortable about phone calls while you are at it. I am not saying you should be paranoid, but a good sensible amount of paranoia will do you a lot of good. If the credit card company calls asking for information, then tell them you'll call them right back because you do not feel safe talking with them like that. Then call the number on the back of your card.
Hacking is not always about cracking passwords or code. Most of the time it is about taking advantage of a human's trust and/or ignorance. And I truly believe that with our "we don't read manuals" and lazy society, most of the time the people that get taken advantage of are those who do not take the time to educate themselves about the things that they are using. If you are using the Internet, make it your mission to learn about it and learn about the things that you should watch out for. And once you learn that stuff, keep the learning going, because as much as you learn now, the hackers and criminals will devise better schemes to take your personal information. Maybe it is just an example of Darwinism: Those that don't learn or bother to learn are the ones that get taken advantage of. The weak (and ignorant) get taken advantage of, the strong (educated) do not. Don't be taken advantage of, don't be an ignorant person.