Phishing - basic information about Phishing

FreewareVista Great Freeware
Freeware and free trials, tips and resources

Phishing

Phishing is one of the more frightening security issues - it involves attempts to dupe an unwitting computer user (via emails or websites that appear legitimate) into divulging confidential information such as account passwords or other private information.

A common easily identified example is email that arrives completely unsolicited, promising a large commission from an overseas conglomerate or the estate of a wealthly person, just for helping to deposit millions of dollars. Such would be laughable if it were not for the fact that some individuals have fallen prey to such schemes - typically involving an exchange of what turns out to be bogus money orders or cashier's checks.

Another example involves emails that appear to be from well known websites informing you that there is a problem with your account, and asking you to reveal account information. There is typically a link in the email to a website that appears legitimate (where you are then supposed to enter the requested information), but the website is in fact a bogus copy of the real thing. More recently such emails and websites have become increasingly sophisticated, and may appear quite genuine.

Obviously, given the great reliance that exists today on computerized, internet-based financial transactions, any general loss of confidence in the integrity of such transactions could have serious consequences for individual businesses and even entire industries. Fortunately, much has already been done to address the issue. Financial institutions and the computer security industry have been hard at work educating customers and implementing wide-ranging security proceedures.

You may have noticed that banks, for example, have improved their login security to guard against unauthorized access and specifically to prevent phishing schemes (note the use of picture site ID's). Keep in mind too, that financial organizations use very advanced technology to encrypt transactions, thus preventing eavesdropping. Actually online transactions are quite safe as long as one takes reasonable precaution.

For starters, very pertinent to the individual computer user, Microsoft has created a phishing filter built right into your Internet Explorer 7 - you can turn on the Automatic Phishing Filter by going to Tools -> Phishing Filter -> select the radio button to turn on the filter -> click OK. You may also like to obtain an additional Phishing Filter (with more capability, such as site ratings and download evaluations) - for instance, I like the McAfee free Phishing Filter, find it at my Phishing Defense Tools page.

You may also like some help with Phishing emails and there too, tools exist. You might like to try the Zone Alarm Security Suite which includes a Phishing Filter for email as well as the ability to report Phishing Emails to Zone Labs for their followup with authorities - very handy indeed, and it feels good to do something about it by contributing to the solution. Note also, the Mozilla Thunderbird 2 email client has built in phishing protection.

Lastly, as it is with any security and safety issues (not just with computers), common sense and reasonable precaution are the one two punch to knock out risk:

Don't respond to emails from unknown parties promising financial reward and asking for personal information, they are invariably phishing schemes. Educate family members, including children who use computers, as to do's and don'ts.

Never follow links from emails to carry out a financial transaction or enter a password protected account, one easy way to handle this is to keep your passwords encrypted and stored in RoboForm and login through the stored passwords.

Finally, activate the Microsoft Phishing Filter, and implement common computer security measures such as: firewall, anti-virus, anti-spyware, UAC, automatic updates.

Good luck and good computing.

WIkipedia definition - further information on Phishing including origin of the term

Recognize phishing scams and fraudulent e-mails - Microsoft article, includes example email

Anti-Phishing Working Group - lots of helpful information, including an archive of Phishing emails