DON'T BECOME A VICTIM OF PHISHING

I really don't believe it, but I am still hearing about individuals who are supplying their bank account details, discriminatly on the internet! What's with you? Haven't you heard yet - banks won't ask you for that information to be put on the internet. If you are convinced it is authentic and not a scam, please take the time and trouble to first phone your bank (don't take a number off the screen, rather look it up or dial 1023 for the number). check if it is a real message from the bank (which it probably won't be) and proceed from there.

There is no longer any kind of excuse for people to be caught with a phishing scam!

Don't become a victim of phishing
Andrew Parker

20 June 2006 at 10h39

A chain is only as strong as its weakest link. Last week I explained the basics of the Hypertext Transfer Protocol over Secure Socket Layer, or HTTPS, which is one of the fundamental technologies used to secure internet communications.

It is very important to realise, though, that such technologies merely secure the channel you are using. In other words, they secure a connection between two end-points. One of those end-points is, hopefully, a trusted vendor or site, the other is you. Are you the weakest link?

You may have heard of "phishing". Why it's spelt like that I have no idea, but the name is an apt one. Phishing e-mails are created to appear as if they have been sent to you by a trusted organisation, like a bank or insurance company.


Their purpose is usually to direct you to a phoney website, created to look like the home page of your bank, for instance. Once you're there, the site will try any number of tricks to get you to fill in information that could be used to access your bank accounts, or even to assume your identity. In other words, they're fishing for information.

Classic Phishing e-mails use lines such as: "there is a problem with your account", or "we are performing routine maintenance/an account upgrade/an identity check".

The alarm bells should start ringing when you see such messages. They should escalate to wailing sirens if you are told to enter any account details, PIN number, ID numbers or similar. Don't do it. The prevalence of phishing e-mails has meant that banks and the like will never request such information using e-mail, and you should never have to submit these details to your bank for any reason other than to access internet banking sites.

Ignorance
I know that for many readers the above is merely stating the obvious, yet I rant on because I've seen how believable some of these e-mails can be. It's now so easy to copy a company's logo and appearance by simply copying elements of their web page, which makes these phoney e-mails difficult to detect if you don't know what to look for. Don't become a victim through ignorance. Study the following web resources for more advice, and tell your friends about this problem:

www.microsoft.com/athome/security/email
www.antiphishing.org/consumer_recs.html
www.en.wikipedia.org/wiki/phishing
www.honeynet.org/papers/phishing

In South Africa, sadly, one is accustomed to seeing high walls, razor wire, electric fences and a rottweiler protecting a suburban home. Yet we're less enthusiastic about protecting our computers and data.

To stop a would-be hacker from gaining access to your computer, create a security perimeter around it using a firewall. Simply put, a firewall checks incoming data and says: "Yes, you're allowed in", or "Go away, I'm not that stupid". They're not to be confused with antivirus software. Better firewalls check outgoing data, too, just to be sure your PC hasn't succumbed to a nasty.

I've reviewed the excellent free firewall from Zone Labs in an earlier Switched On; e-mail online@intech.co.za for a copy of this column. You can download Zone Alarm from www.zonelabs.com - click "Zone Alarm" in the column to the left of the web page.