
Friday, June 20, 2008

DON'T BECOME A VICTIM OF PHISHING

This is Tuesday the 17th's article.

Take care out there - everybody is after your hard-earned money. Spend it rather than let it get stolen from you.


Don't become a victim of phishing
Andrew Parker
20 June 2006 at 10h39


A chain is only as strong as its weakest link. Last week I explained the basics of the Hypertext Transfer Protocol over Secure Socket Layer, or HTTPS, which is one of the fundamental technologies used to secure internet communications.

It is very important to realise, though, that such technologies merely secure the channel you are using. In other words, they secure a connection between two end-points. One of those end-points is, hopefully, a trusted vendor or site, the other is you. Are you the weakest link?

You may have heard of "phishing". Why it's spelt like that I have no idea, but the name is an apt one. Phishing e-mails are created to appear as if they have been sent to you by a trusted organisation, like a bank or insurance company.

Their purpose is usually to direct you to a phoney website, created to look like the home page of your bank, for instance. Once you're there, the site will try any number of tricks to get you to fill in information that could be used to access your bank accounts, or even to assume your identity. In other words, they're fishing for information.

Classic phishing e-mails use lines such as: "there is a problem with your account", or "we are performing routine maintenance/an account upgrade/an identity check".

The alarm bells should start ringing when you see such messages. They should escalate to wailing sirens if you are told to enter any account details, PIN number, ID numbers or similar. Don't do it. The prevalence of phishing e-mails has meant that banks and the like will never request such information using e-mail, and you should never have to submit these details to your bank for any reason other than to access internet banking sites.
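The column's two warning levels can be turned into a triage heuristic over a raw message; the following is an added example, not part of the original article. The function names, the request verbs other than "enter", the 80-character window and the bank.example address are assumptions.

```python
import re
from email import message_from_string
from html import unescape

# Pretext lines quoted in the column, with its slash-separated options expanded.
PRETEXTS = ("problem with your account", "routine maintenance",
            "account upgrade", "identity check")
# Details the column says a bank never requests by e-mail. The request verbs
# (other than "enter") and the 80-character window are assumptions.
REQUEST = re.compile(
    r"\b(enter|confirm|verify|provide|submit)\b[^.!?]{0,80}?"
    r"\b(account details|pin( number)?|id numbers?)\b")

def body_text(raw):
    """Lower-cased text of every text/* part, HTML tags stripped."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if part.get_content_subtype() == "html":
            text = unescape(re.sub(r"<[^>]+>", " ", text))
        chunks.append(text)
    return re.sub(r"\s+", " ", " ".join(chunks)).strip().lower()

def triage(raw):
    """'siren' if details are requested, 'alarm' if only a pretext appears."""
    text = body_text(raw)
    if REQUEST.search(text):
        return "siren"
    if any(p in text for p in PRETEXTS):
        return "alarm"
    return "none"

# Constructed sample messages (not real mail); bank.example is a placeholder.
HDR = "From: service@bank.example\nSubject: Account notice\nContent-Type: "
SAMPLES = {
    "html": HDR + "text/html\n\n<p>There is a problem with your account.</p>"
                  "<p>Please <b>enter</b> your account details and PIN number.</p>",
    "plain": HDR + "text/plain\n\nWe are performing routine maintenance this weekend.",
    "benign": HDR + "text/plain\n\nYour May statement is ready at your branch.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

Phrase matching like this only sorts messages for a closer look; a message that scores "none" is not thereby shown to be genuine.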

Ignorance
I know that for many readers the above is merely stating the obvious, yet I rant on because I've seen how believable some of these e-mails can be. It's now so easy to copy a company's logo and appearance by simply copying elements of their web page, which makes these phoney e-mails difficult to detect if you don't know what to look for. Don't become a victim through ignorance. Study the following web resources for more advice, and tell your friends about this problem:

www.microsoft.com/athome/security/email
www.antiphishing.org/consumer_recs.html
www.en.wikipedia.org/wiki/phishing
www.honeynet.org/papers/phishing

In South Africa, sadly, one is accustomed to seeing high walls, razor wire, electric fences and a rottweiler protecting a suburban home. Yet we're less enthusiastic about protecting our computers and data.

To stop a would-be hacker from gaining access to your computer, create a security perimeter around it using a firewall. Simply put, a firewall checks incoming data and says: "Yes, you're allowed in", or "Go away, I'm not that stupid". They're not to be confused with antivirus software. Better firewalls check outgoing data, too, just to be sure your PC hasn't succumbed to a nasty.

I've reviewed the excellent free firewall from Zone Labs in an earlier Switched On; e-mail online@intech.co.za for a copy of this column. You can download Zone Alarm from www.zonelabs.com - click "Zone Alarm" in the column to the left of the web page.

Next week I'll be covering the Windows operating system - how and why to update it, with links to information that will help you "lock it down" securely.
