At Computer Courage, we help a lot of customers recover data and passwords, remove viruses and spyware, and restore computer systems. One thing we can’t help you with, however, is stolen identity and/or stolen funds. The modern age of computing has brought us many conveniences – I pay almost all of my bills online. Along with those conveniences come new responsibilities and risks, and having seen the worst of these risks, I’d like to devote this newsletter to helping our readers understand the risk of a dangerous technique called Phishing.
The definition of phishing, according to Wikipedia, is “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.” This is a long winded way of saying that phishing is an attempt by bad guys to trick you into giving them your secret information. When a bad guy successfully phishes you, he or she will acquire banking passwords, credit card numbers, email passwords, etc. This information is very dangerous when put in the wrong hands – it can lead to great expense on your part, inconvenience, invasion of privacy, and identity theft.
What you need to know. Below are some explanations and guidelines to avoid phishing:
- Don’t give any information overemail when requested. No bank will ever email you to ask you toverify your information (address, password, credit card info, SSN,etc.) So you can just plain ignore any such request – it’sbogus. If you are unsure, you can always contact us.
- Don’t follow links fromsuspicious emails. I’ll go into detail about links in a moment, butfor now the safest way to avoid going to the wrong place is to go directlyto where you want to go. Just open up your browser and type in theweb address of the institution instead of clicking on the link.
- Upgrade your browser (InternetExplorer 7 and Firefox 3 are the current versions) and enable the Phishingfilter in IE.
- Run good antivirus software at all times.
- Watch for sites that don’t useHTTPS security (look got https:// instead of http:// in the URL.)
- Know your URLS – this is themost complicated but most important. This is a bit too complicatedto explain in an newsletter, so
- Here’s a great case study of aphishing technique such as described above. Notice in this one thevisible link looks normal, but the link actually takes the user somewhereelse. The lesson is don’t follow links from email. See anexample here.
Remember, your best technique is common sense. Keep these main philosophies:
- Be skeptical and cautious withall banking transactions.
- Avoid opening links from emailwhen possible.
- Never give your privateinformation for “verification purposes.”
- Run antivirus software andupdate your browser.
- Know your URL structure.
When in doubt, contact us at Computer Courage and we’ll help you with any suspicious emails, websites, or computer behavior. Thanks everyone and stay safe.
By the way, we’ve moved to 2093 Rose Street in Berkeley, come visit any time.Oct 3rd, 2008 | Posted in: Getting Things Done