Beefing up your Phishing net
Phishers -- in their sinister attempts to bilk you out of your time, money, and personal information with bogus emails -- are becoming more and more clever. Luckily, with a little critical thinking and up-to-date software, you can keep yourself safe.
Typically, to avoid falling victim to phishing, check the URL that the email is asking you to click. Does it look right? One popular façade for phishing attempts is PayPal, and there's a new technique that makes it look like the request is coming, securely, from paypal.com. For the technical among us, it exploits a flaw in one of PayPal's screens that allows a phisher to include a redirect URL in an address that begins with https://www.paypal.com. Sneaky. Thankfully, Firefox blocks it on the rebound.
Also, emails that ask you to verify or enter account information (that you've already entered) have a high degree of poopiness about them. Reader Allan noted that because Apple is in the process of switching people to Mobile Me, some phishers are using the confusion to send people emails asking them to enter new billing information for the new service. That, of course, isn't necessary, and if you get that kind of email, you should delete it.
Another good way to protect yourself is to use an up-to-date browser. Firefox includes protection against known phishing sites, and warns you about them before letting you proceed. Safari, currently, does not, but 1Password does, and it works seamlessly with Safari. Installing one of these options is especially important for parents and grandparents that may not be as familiar with these attacks as their kids.
Lastly, there's a great overview at macphishingprotection.com, which notes, "Phishers win even if you make only one mistake." Truer words never spoken.
Thanks, Allan, Fernando and Aviv for the heads-up!
Share
Categories
Phishers -- in their sinister attempts to bilk you out of your time, money, and personal information with bogus emails -- are becoming more...
Add a Comment
Phishing e-mails can be forwarded to the appropriate address as an attachment. This retains the header information, so they can be investigated.
spoof @ebay.com
spoof@paypal.com
I find some of the phishers' attempts at URLs to be quite entertaining. My favourite is recent attempts at a local New Zealand bank, "Kiwibank". The start of the URL is unremarkable (but clearly not any bank), but then ends with /kiwibank/kiwibank/kiwibank/kiwibank/kiwibank/kiwibank. No kidding!
July 06 2008 at 3:44 PM Report abuse Permalink rate up rate down ReplyOne of firefox 3's best features is the extra security. I can't count the number of times (2) that I was browsing for porn and had firefox warn me I was going to an unsafe site.
July 06 2008 at 3:26 PM Report abuse Permalink rate up rate down ReplyOne very nice solution which I miss here is using OpenDNS (http://www.opendns.com). This service automatically blocks all known phishing sites (1Password actually uses their service) without having to install additional programs or plug-ins. Furthermore it allows you to block websites by category, e.g. no porn websites, no racism, etc.
July 06 2008 at 3:14 PM Report abuse Permalink rate up rate down ReplyHot Apps on TUAW
Deals of the Day
more deals- Refurb Apple MacBook Air Laptops: 12" 64GB SSD for $699 + free shipping
- JVC Motion Sensing Clock Radio with Dual iPod Docks for $55 + free shipping
- Apple iPhone Headset with Mic for $4 + $2 s&h
- miFrame Picture Frame Dock for iPad for $64 + $8 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
- Hannspree Apple-Shaped 28" 1080p LCD HDTV for $270 + free shipping
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3



4 Comments