Tuesday, April 17, 2007

Going Phishing?

A few years ago, I received an email that appeared to be from Paypal. I clicked on the link inside and since the webpage I landed at looked like Paypal, I innocently entered my login and password. Imagine my surprise when the next day I found out someone had stolen my Paypal account and made fradulant purchases! I had just been spoofed.

This was early in the history of spoofing and Phishing and I'm happy to say I haven't been duped since.

What is Phishing?

"Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication." (from Wikipedia)
What can you do to protect yourself?

1. Are you expecting an email from this company? When I've made a purchase on Ebay, I expect to receive emails from them about my purchase. But when I received one today, I knew that I hadn't made a purchase and was immediately suspiscious.

2. Does it ask you click a link or have a sense of urgency? Rather than clicking the link in the email, go to your web browser and enter the known website address yourself. Once you've logged in, if there's something that needs attention you will see the message.

3. After clicking on a link, take a careful look at the website address. It should read the same as if you'd entered it yourself - www.paypal.com or www.ebay.com/whatever.html. If it reads as anything else, be suspiscious. (examples are: http://signin.paypal.com@,, www.secure-paypal.com, etc.)

4. When in doubt, ask the company directly.Paypal and Ebay (and I'm sure many others) encourage you to forward them any suspect emails. Send to spoof@paypal.com or spoof@ebay.com and they will let you know if it is legitimate.

Bottom line: When in doubt, check it out!

More information from Paypal: https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/RecognizePhishing-outside

More information from Ebay: http://pages.ebay.com/education/spooftutorial/

No comments: