Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Wednesday, December 21, 2005

Receipt of your payment - Phishing

There are hundreds of fake messages which might be used to trick you into clicking some link in your Email. I’ve already written about the “Have you been visiting illegal web sites” and other fake Amazon or Ebay messages. These message look legitimate, and as they become more compelling more users will be reeled into the web of identify theft.

This week I’ve been getting messages letting me know “Your payment was successful”, complete with a valid looking PayPal payment.  “What payment, I didn’t make this payment!”. This tactic is no doubt very successful.  I’m sure people want to correct this error for fear their bank or credit card account might be charged. Just like your mother always told you, “Don’t believe everything you read”

This internet has adopted the term “Phishing” for this type of behavior.  The sender mass Emails out some kind of legitimate looking message in hopes you’ll click on a link which will take you into their evil realm.  The Email may even contain your name or city. Once you’ve click it will still appear to be a valid site and will most likely request some personal information or credit card data to resolve the problem.   As soon as you click on Submit, you’re a new victim to identify theft.

Another variation called “Spear-Phishing” encourages users to go to a web page where malicious code may automatically be downloaded to you machine.  The malicious program may have many evil purposes but typically it will record all your keystrokes and steal passwords and/or credit card information anytime its used in the future.

If you’d like to learn more about some common tricks used to infect your system with Spyware I encourage you to read Top 10 tricks causing spyware epidemic written by my friend Suzi Turner.

 

 

 

 

 

Share on Facebook


1 Comments:

Anonymous Anonymous said...

Bill,
I've found that one of the best ways to cut down on spam is to simply close the inbox preview pane in my e-mail program. I know that by doing this any spam mail I recieve will not be opened so that it can be viewed in the preview pane, my e-mail program will not contact the spammers server to download graphics, and no HTML code will be executed.
Another benifit is that the spammer won't know that he has hit a sucessful e-mail address since the message doesn't get opened thus reducing my chance of getting on further e-mail lists.
So, in addition to this one simple tactic I also use filtering for the mail that I do want. I simply creat folders for the different types of mail that I get, and when an e-mail comes in from a source that belongs in one of those folders I just use the organizer wizard to creat a rule that will send it there the next time it comes in. After a while the only things that get left in the inbox are unexpected messages and junkmail that the spamfilter missed.
This works very well, and I recommend it to everyone.

12:17 AM  

Post a Comment

<< Home