No Phishing

Mar 24, 2008 at 6:39 PM
Phishing emails are emails that appear to be from your banking institution (e.g. B of A, Paypal, BB&T, WaMu, etc.) and appear to contain a valid link, but the link actually leads to a website dressed up to look like your banking institution.

For instance, the link might appear to be to:

secure.realbank.com/log-in-page.html

but when you hover over it, it actually goes to:

secure.realbank.com.faker.liar.com/log-in-page.html
OR
secure.realbank.com.faker.liar.com/whatever.html

The way that works is:

The owner of liar.com sets up a subdomain of "faker", with a subdomain of "com", with a subdomain of "realbank" with a folder in it called "secure" and BLAMO, puts a page up that mimics some authentic website.
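The hover check, done in code (an added example, not part of the original post): it pulls every link out of an HTML email and flags those whose visible text shows a trusted domain while the real destination does not end in that domain. The `SAMPLE` email body is constructed from the hostnames above, and the function names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Hostname of a URL; a scheme is assumed when the text omits one."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:          # malformed text that is not a URL at all
        return ""

def belongs_to(host, domain):
    """True only if host IS domain or ends with '.' + domain.
    Ownership is read from the right-hand end of the hostname."""
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):
    """Collects (visible text, real destination) for every <a href>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html, trusted_domain):
    """Links that show the trusted domain but lead somewhere else."""
    audit = LinkAudit()
    audit.feed(html)
    return [(text, host_of(href)) for text, href in audit.links
            if belongs_to(host_of(text), trusted_domain)
            and not belongs_to(host_of(href), trusted_domain)]

# Constructed sample email body using the hostnames from the post.
SAMPLE = """<p>Please confirm your account:
<a href="http://secure.realbank.com.faker.liar.com/log-in-page.html">secure.realbank.com/log-in-page.html</a></p>
<p><a href="https://secure.realbank.com/help.html">secure.realbank.com/help.html</a></p>"""

if __name__ == "__main__":
    for text, real in suspicious_links(SAMPLE, "realbank.com"):
        print(f"shows {text!r} but goes to {real}")
```

Only the first link in the sample is flagged; the second really does end in `realbank.com`.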

Phishing is fraud, and is RAMPANT online. It is one of the most prevalent forms of identity theft out there.

The second someone inputs their username and password, the page sends their precious log in information over to a dedicated thief somewhere, one who then takes that secret log-in information, logs in to the banking institution, transfers all the money away, and leaves the victim with nothing.



Not good.

In any email you get, hover over EVERY link to see if it really goes where it says it does. Read the WHOLE LINK URL. The best way to go to your bank is to just follow your pre-existing bookmarks to the website yourself. Or type the URL of your bank into the address bar yourself. OR, if you don't know the real website address, search for the banking institution through your favorite search engine. They're good about sending you to the right website. And check the URL EVERY time you insert your log-in details for ANY site.

Good. You've saved yourself, but that's like running out of a burning building and leaving your grandma behind.

What is to be done about the other less educated web users out there?

Well, most of us simply say "not me, suckers" and delete the email, harrumphing in satisfaction at having ducked fraud yet again. And some of us think we're fixing it when we mark those emails as SPAM and report them to the SPAM filtering programs that way. Not good enough. Most people DO NOT HAVE a spam filter.

Phishing is only really blasted away when you or I report it to the people who can handle it.

How do you do this?

When you get one - DO NOT DELETE IT.

Forward it, instead, to spoof@ (insert real banking institution website here) .com
or abuse@
or phishing@

(I always use all three -- one of those will be the company standard for where to send phishing emails.)

For instance, if you get one pretending to be from Wamu.com, send the email to:

spoof@wamu.com, abuse@wamu.com, phishing@wamu.com

Also, forward the email to:

phishing-report@us-cert.gov

(The US Government has an office for this, too.)

In Internet Explorer, make sure your "phishing filter" is active. It's under Tools | Phishing Filter | Phishing Filter Settings.

What I always do next is:
Using Internet Explorer, I go to the phishing page - the fake one. DO NOT CLICK ON ANYTHING. Nothing. Nada. Zip.

Instead, using your file menu, go to:

Tools | Phishing Filter | Report This Website.

You will be taken to an Internet Explorer Phishing Report page. First, report the site, then fill out the next page.




Within a few days, hopefully before too many people have lost their life savings, the fake website will be taken down, OR will at least make a big phishing alert pop up for the rest of the users of Internet Explorer out there. Which is the majority of people online.

I know it's a pain in the neck to do this, but if we ALL did it, it would take away the scammers' livelihood. Following the above steps saves someone else from catastrophe, as much as doing it in person. You're preventing a crime.

I think it is worth the time and effort to do.

Don't you?
