Filed under: Security
Beefing up your Phishing net
Phishers -- in their sinister attempts to bilk you out of your time, money, and personal information with bogus emails -- are becoming more and more clever. Luckily, with a little critical thinking and up-to-date software, you can keep yourself safe.
Typically, to avoid falling victim to phishing, check the URL that the email is asking you to click. Does it look right? One popular façade for phishing attempts is PayPal, and there's a new technique that makes it look like the request is coming, securely, from paypal.com. For the technical among us, it exploits a flaw in one of PayPal's screens that allows a phisher to include a redirect URL in an address that begins with https://www.paypal.com. Sneaky. Thankfully, Firefox blocks it on the rebound.
Also, emails that ask you to verify or enter account information (that you've already entered) have a high degree of poopiness about them. Reader Allan noted that because Apple is in the process of switching people to Mobile Me, some phishers are using the confusion to send people emails asking them to enter new billing information for the new service. That, of course, isn't necessary, and if you get that kind of email, you should delete it.
Another good way to protect yourself is to use an up-to-date browser. Firefox includes protection against known phishing sites, and warns you about them before letting you proceed. Safari, currently, does not, but 1Password does, and it works seamlessly with Safari. Installing one of these options is especially important for parents and grandparents that may not be as familiar with these attacks as their kids.
Lastly, there's a great overview at macphishingprotection.com, which notes, "Phishers win even if you make only one mistake." Truer words never spoken.
Thanks, Allan, Fernando and Aviv for the heads-up!
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Mark said 3:14PM on 7-06-2008
One very nice solution which I miss here is using OpenDNS (http://www.opendns.com). This service automatically blocks all known phishing sites (1Password actually uses their service) without having to install additional programs or plug-ins. Furthermore it allows you to block websites by category, e.g. no porn websites, no racism, etc.
Reply
Isaac said 3:26PM on 7-06-2008
One of firefox 3's best features is the extra security. I can't count the number of times (2) that I was browsing for porn and had firefox warn me I was going to an unsafe site.
Reply
Allister said 3:44PM on 7-06-2008
I find some of the phishers' attempts at URLs to be quite entertaining. My favourite is recent attempts at a local New Zealand bank, "Kiwibank". The start of the URL is unremarkable (but clearly not any bank), but then ends with /kiwibank/kiwibank/kiwibank/kiwibank/kiwibank/kiwibank. No kidding!
Reply
Galley said 5:19PM on 7-06-2008
Phishing e-mails can be forwarded to the appropriate address as an attachment. This retains the header information, so they can be investigated.
spoof @ebay.com
spoof@paypal.com
Reply