Tips and Tools
Going Phishing
Burton Kelso, Integral Computer Consultants
Contributing Writer

A phishing scam is generally an attempt to get an unsuspecting user to ‘confirm’ personal information such as a bank account, credit card or social security number. The phishers send out millions of e-mails in the hopes that a few will ‘bite’ (thus the reference to fishing). It has been reported that as many as 5% of recipients respond to phishing attempts.

The most common companies that are ‘spoofed’ in the current phishing scams include Amazon.com, Bank One, Citibank, EarthLink, eBay, Wells Fargo and PayPal, but more will come.

The most recent Wells Fargo look-alike phishing scam asks users to review recent policy changes, but requires the user to log in to their account to get to the message center. Once you have typed the username and access code, you have been had!

Replying to the message to ask them to stop is completely futile, since the address that you are replying to is generally fake as well.

The main reason that phishing scams are on the increase is a vulnerability that was discovered in Microsoft’s Internet Explorer browser that allows a malicious user to send an e-mail with a link that ‘spoofs’ a legitimate site.

This means that a link that looks like it would take you to www.bankname.com would actually take you to www.HackerWebsite.com/%0StealYourInfo, but Internet Explorer would report to you that you were at www.bankname.com.

The site would replicate what the actual bank’s website looked like, complete with indicators that you were on a secure website (https:// and the little yellow lock on the bottom right corner) to entice you to give up your personal information.

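The link spoofing described above can be checked for mechanically in an HTML e-mail body. The following is an added example, not code from the article or its author: it flags links whose visible text names one host while the href points to another, and links whose URL carries a control-byte or malformed percent-escape like the one in the article's example address. The names `LinkAuditor`, `audit`, `norm` and `SAMPLE` are hypothetical, and the sample message is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name in the visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Escape of a control byte (%00-%1F), or '%' not followed by two hex digits.
BAD_ESCAPE_RE = re.compile(r"%(?:[01][0-9a-f]|(?![0-9a-f]{2}))", re.I)

def norm(host):
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href = None  # None while outside an <a> element
        self.text, self.findings = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        real = norm(urlsplit(self.href).hostname)
        m = HOST_RE.search(shown)
        reasons = []
        if m and real and norm(m.group(1)) != real:
            reasons.append("displayed host differs from destination")
        if BAD_ESCAPE_RE.search(self.href):
            reasons.append("control or malformed percent-escape in URL")
        if reasons:
            self.findings.append((shown, self.href, reasons))
        self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings

SAMPLE = (  # constructed sample body; hosts are the article's placeholders
    '<a href="http://www.HackerWebsite.com/%0StealYourInfo">www.bankname.com</a>'
    '<a href="https://www.bankname.com/help%20center">www.bankname.com</a>'
)
```

Calling `audit(SAMPLE)` reports only the first link, with both reasons attached; the second link, whose text and destination agree, passes.
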
Anything that asks you to update or confirm your social security number (when was the last time your SSN changed?) or any other personal information, especially when it comes in the form of an e-mail, should instantly set off warning bells in your head.

E-mail has always been a fairly questionable source for information, but now it has become downright untrustworthy. Corporate logos, links to websites and references to government or corporate security agencies can all be ‘spoofed’ in an attempt to get you to give up some piece of personal information that can be used to victimize you.

Tips on how to protect yourself from phishing scams:

First and foremost, make sure that you have updated Windows and Internet Explorer with the latest security patches by going to http://windowsupdate.microsoft.com (do not put www at the beginning), so spoofed website addresses cannot be displayed in your address bar.

Whenever a link in an e-mail message is suspicious, do not click on the link; manually type the link into your browser’s address bar so you can control where you actually go. If the site does not have any reference to the information contained in the e-mail, it was likely a phishing scam.

Finally, when in doubt, call or manually e-mail the company for clarification, but never respond to the message.

If you feel you have been a victim of a phishing scam, contact your financial institution immediately to get your account access code changed.