| What is Phishing?  Phishing - the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.
Webster's New Millennium™ Dictionary of English, Preview Edition (v 0.9.7)
Copyright © 2003-2008 Dictionary.com, LLC | | Your Bank Knows who you are! By now you must have heard the term "Phishing" derived from the other type of "fishing" where unsuspecting computer users simply by logging on to their bank account or reading their emails are "lured" into giving up personal information because they thought their bank or other financial institution was asking for them to verify it. If you remember nothing else from this newsletter remember this one thing..
YOUR BANK KNOWS YOUR PERSONAL INFORMATION. THEY WILL NOT ASK FOR IT ONLINE UNLESS YOU ARE SIGNING UP TO OPEN AN ACCOUNT FOR THE FIRST TIME.
So how do they get you without your bank knowing about it, and how do they masquerade as your own trusted bank? Well it's all in the URL or Uniform Resource Locater which is a fancy name for a directory name. Just like you are listed in the phone book with your various phone numbers, the Internet has its own phone book with these directory names or URLs, next to each is an Internet (phone) number known as an IP (internet Protocol) address. | | Sending you to the Wrong address
For example when you type chase.com into your Firefox, Explorer, Safari or AOL web browser, your PC goes to an "Internet Phone Book" (more accurately called the Domain Name Server or DNS) and looks up the appropriate IP address for the chase.com web site. Thereafter all other page and listing URLs will be some subset of that IP address. It all sounds a bit complicated, I know but bear with me here because the important thing to remember is that it is possible to mess with your computer settings so that when you type in or click on a link that says for example "chase.com/logon" you will in fact be directed to a completely bogus IP address sitting on a criminal's computer in Russia or Brazil.
This is just one way to scam you and just another good reason to keep your virus protection and antispyware up-to-date and active. These corruptions to your DNS settings can come from viruses, spyware and malicious spyware known as malware.
The other scam which catches a lot of users is the way URLs are presented in emails, for example an email may have the line.. "Click here to logon to your bank and verify your personal data." Again I repeat..YOUR BANK KNOWS YOUR PERSONAL INFORMATION. THEY WILL NOT ASK FOR IT ONLINE UNLESS YOU ARE SIGNING UP TO OPEN AN ACCOUNT FOR THE FIRST TIME. However you can easily check that the link is correctly presented by placing your mouse over the link WITHOUT clicking. After a few seconds the true URL should appear and if it does not match do not click on it. Let me demonstrate. Click here to go to disney.com. Did you see my web address appears even though it says disney.com? These are the easiest phishing scams to find so don't be fooled again. | | OpenDNS Finally many web browsers such as Firefox 3 and Internet Explorer 7 have phishing filters built into them. They refer to a database of known phishing sites and will warn the user when they are being directed toward one of these malicious sites. However, the Safari browser and others don't all have such filters so to avoid being "phished" you should change the DNS (internet phone book) settings so you do not get snagged. By changing your DNS settings from the default, given you by Optonline, Verizon or whomever you use as your Internet provider, to a free service known as OpenDNS you can also avoid being redirected to the "wrong part of town." The two pictures below show you the DNS settings for OpenDNS as it should be entered in Windows XP(left) and Mac OSX(right).
| |
