I'm reading a lot about phishing lately. Phishing is when a Bad Person sends an email pretending to be from a company that we know and trust. The email usually encourages us to go to a familiar looking but fake website that asks for personal information. Credit card numbers, addresses, phone numbers, and Social Security numbers are the usual targets because these things help the Bad Person steal our identities and spend lots of money on our credit.
What To Do
There are several approaches that ought to be used together to prevent and identify phishing scams:
1. Filter out the phishing email before we have a chance to click on anything bad. Webmail.us does this for our customers (how could we do otherwise?). No such technology is foolproof, however. This is why we should use multiple techniques.
2. Education. My bank, Ebay, Microsoft, and pretty much every respectable business out there will not ask for our passwords, credit card numbers, etc. unless we tell them we need something from them. It does not happen the other way around. If you know a business that really does send people such requests inside email messages: tell them to stop! They will confuse their own customers.
3. Get your computer up to date. Use windowsupdate.microsoft.com to get the latest updates for Internet Explorer. Windows XP users can also download service pack 2 which, among many other things, has some anti-phishing patches.
4. Get protection into your web browser. I use Firefox with a nifty little extension called Spoofstick. Spoofstick is also available for IE. It adds a new toolbar that does nothing except tell you which website you're really on. A phishing email that takes you to a fake version of Ebay can't fool Spoofstick – it will report your real location as something other than Ebay in large print at the top of your web browser. Look out for clever misspellings!
Another free tool is . If someone sees a phishing email they can forward it to the folks at phishguard.com. And when someone later tries to open a website that is known to be fake a big warning window pops up letting the computer user know not to proceed.
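The check a toolbar like Spoofstick makes for each page, as an added example (this is not Spoofstick's own code): it reports the site a link really leads to and flags near-misspellings of a trusted name. The `TRUSTED` list, the two-label site rule, the edit-distance threshold of 2 and the function names are assumptions made for illustration.

```javascript
// Constructed list of sites the user really does business with (assumption).
const TRUSTED = ["ebay.com", "paypal.com"];

// Naive "site" = last two labels of the host name. Assumption: this is wrong
// for suffixes such as co.uk; production code should use the Public Suffix List.
function siteOf(host) {
  if (/^[0-9.]+$/.test(host) || host.includes(":")) return host; // IP literal
  return host.split(".").slice(-2).join(".");
}

// Levenshtein edit distance, used to catch clever misspellings of a trusted site.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns the site the browser will really contact, plus a verdict on it.
function inspect(link) {
  const host = new URL(link).hostname; // parsed and lower-cased by the URL parser
  const site = siteOf(host);
  if (TRUSTED.includes(site)) return { site, verdict: "trusted" };
  // Threshold of 2 edits is an assumption; tune it against real traffic.
  const near = TRUSTED.find((t) => editDistance(site, t) <= 2);
  if (near) return { site, verdict: "lookalike of " + near };
  // A trusted brand appearing in the host name of some other site.
  const named = TRUSTED.find((t) => host.includes(t.split(".")[0]));
  if (named) return { site, verdict: "names " + named + " but is a different site" };
  return { site, verdict: "unknown" };
}
```

The value to show the user in large print is `site`, since that is the part of the address a familiar-looking page cannot fake.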
What's Around The Bend?
Smarter browsers and email programs. IE 7 is supposed to have some serious anti-phishing technologies when it's released for Windows XP users, as will the Thunderbird 2.0 email client.
Smarter email servers. Email servers will soon be doing more to make sure that a message from my Cayman Islands bank (I wish) really is from my Cayman Islands bank. This is similar to what is already being done to catch spammers sending email from computers that are not authorized to send any email. Read up about SPF on spf.pobox.com – we recently integrated this into the Webmail.us filtering system. More on that in my next post.
Learn more at: www.antiphishing.org and at an FTC web page dedicated to phishing: .