Phishing – the slang term used by
virus creators – fools users into believing their bank or credit
company wants to update/re-sort/reclassify its database, or is reporting
an unauthorized use of your account, thus making them click on a link
and submit personal sensitive information which can then be used to
fake identities and misuse facilities. Imagine your ID numbers and passwords
landing straight into the hands of a thief! The medium used could be
an email or a pop up.
HOW BIG IS THE THREAT?
The recently concluded study (October 2005)
by AOL and NCSA examined about 350 users to evaluate the threat. They
found 1 in 4 users getting a phish email. The sample was about 100 users
who were asked to turn off all anti-spam and take in all the emails.
Users were then queries over phones and personal interviews. The results
were as follows:
- less than half knew the word ‘phishing’
- just over a half could define it
- more than half had either no antivirus
or an non-updated one.
- The majority (>80%) thought they
were safe from online threats.
What to do?
It can be difficult to identify a fake
email from a genuine one if the attacker has done the hard work of imitating
the original ones. Yet there are ways to distinguish between the two.
For example, your hotmail service often sends email reminders to you.
Their emails in the Mail folder come with a icon of a butterfly attached
alongside. This icon can only appear in emails originating from the
company office. Of course, someone in the company may misuse their service,
but then this would be a different crime, and not phishing.
Ask your important service providers such
as banks for such identification marks, or look out for them regularly.
You can even contact them over phone and confirm if such emails are
being sent to all the customers.
Whom to report?
Send suspected phishing emails to spam@uce.gov
and reportphishing@antiphishing.org.
More information
For further help, consult www.staysafeonline.org
or any other Internet security site.