Home / Business Channel
 LOOK FOR...   WITH KEYWORDS:  
AT WORK AT HOME BIZ OPPORTUNITIES LEGAL FORMS AFFILIATE PROGRAM

C  H  A  N  N  E  L  S
Consumer Watch
On The Money
Career Track
Health Quest
Business
Small Office
Web Builder
Marketing
Classifieds
 INSIDER REPORTS
Credit & Debt
Biz Finance
 RESOURCES
IR Journal
Legal Forms
Letter Templates
Archives
HOME

S U B S C R I B E

Good To Know
Computer Security Day
Contract Review: Checking For Key Contract Elements
Well Met: Making The Most Out Of Meetings

 

 

SPONSOR LINKS

Automate Your Email
Use autoresponders to automatically deliver sales information to customers

Small Business Guide on CD-ROM
Free small business guides & techniques

Your Logo on Anything
Personalize pens, bags, shirts, caps, golf balls, whatever

Wholesale Products For Your Business To Sell
Stock your store with thousands of products to choose from

Language Translation Service
Online language translating service

Cheap Ink Cartridges
Epson, Canon, Lexmark, and HP inkjet cartridges for 50%-80% off

 


PRINT THIS

“Phishing” For Suckers: Two Things You Should Look For In An Email

by  John  R  Young 

“For Your Immediate Attention! Don’t Lose Your Account! Update Immediately!”

Bob opened the email and was confronted by the logo of one of his major credit card companies. He had been carrying the card for some time, and had used it for a lot of online purchases.

Understandably he was concerned with the message under the logo: “Due to online identity theft, we need to verify that the information in your account is accurate, or we will be required by the FTC to suspend it”.

Below was an itemized list of the information he was required to verify: his old account number, name, address, telephone number, social security number, and mother’s maiden name. The also wanted him to change the password to his account.

Panicked, Bob hit the reply button and started filling in the information. He didn’t want to lose that account. He had set up several online accounts using that credit card number, and used it to buy and sell in online auctions…

THE “PHISHERMEN” AND THEIR HOOKS

“Phishing” is a technique used by identity thieves to stampede people into giving out their credit information online. The scam has been around for awhile, and, unlike Bob, most people are aware that they should never:

• Be intimidated by a message found in an “authentic looking” email

• Reply by giving vital information to the “phishers”

• Open up any links contained within the email, which can download “criminalware” onto their computer.

We all know these facts intellectually, but when confronted by an intimidating message, many of us react emotionally, not rationally. Maybe I’m more easily intimidated than most, but I’ve found myself opening an email and feeling compelled to fill out the information the message demands.

I have to confess an incident that occurred when I almost did that very thing. In my own defense, however, I have to say that it happened before I’d ever heard the term “phishing”. Fortunately I became suspicious before hitting the “Send” button.

But I almost did it. I almost sent it off and thereby gaffed myself.

THE LAKE IS GETTING CROWDED

Although the public is becoming savvier to this scam, the “phishermen” must be experiencing success because the Anti-Phishing Working Group, http://www.antiphishing.org/ reports that phishing incidents are on the upswing.

They list 28,571 consumer reported incidents in June 2006, almost double the reported numbers in June 2005.

More suckers are being “phished” than ever before, and as every honest fisherman knows, there is no bag limit on suckers.

HOW TO IDENTIFY LEGITIMATE EMAILS

Of course, the best thing to do when asked for vital information by someone purporting to be a legitimate credit card company or other institution is to call the company on the telephone and ask if the email in question does indeed come from them. Then, if it has, go to that site to change your information.

But there are a couple of “quickie” things you can look for in the email itself, which you should do if you are alarmed by the message and tempted to jump.

1. Check the “From” Address to see if the address is correct. It should come from a top level domain, i.e. ebay.com, not a sub domain such as ebay.security.com. A sub level domain can be obtained on line for free, and is not something a legitimate company would do.

2. Make Sure the “digital signature” is valid.

KNOW YOUR DIGITAL SIGNATURE

I don’t know if you’re like me, but my eyes glaze over when somebody mentions the words “digital signature”.

Basically, it’s just an electronic means of verifying that the email you received:

• Has originated from the source it claims to come from

• Hasn’t been intercepted and repackaged on the way.

An email that is “digitally signed” has a little red icon down in the lower left hand corner in the ‘To…From” box.

Click on that icon and you can find information about the sender. Be sure your email client is “S/MIME” compliant. “S/MIME” compliancy is supported by over 350 million email clients, including Microsoft Outlook, Lotus, Novel, Netscape and MacMail.

As noted on the antiphishing site, this is unspoofable for two reasons:

• It is strongly encrypted.

• It is generated when you open the email, not at the source

The email client has validated four things on receiving this email:

1. The email address in the “From” field matches the one in the digital certificate.

2. The certificate was issued by a trusted authority.

3. The message wasn’t tampered with in transit.

4. The certificate itself has not expired.

To put it simply, the certificate makes sure the email has indeed come from who it says it has come from, and hasn’t been tampered along the way.

To see what the certificate looks like, check out:

http://www.antiphishing.org/smim-dig-sig.htm

THREE WAYS TO PROTECT YOURSELF.

There are three good ways you can protect yourself from “phishermen.”

1. Call the company they supposedly represent. Don’t respond to alarming statements demanding personal information online.

2. Don’t open any links in the email. They can download “criminal ware” that can start gathering vital information off your computer.

3. Don’t open suspicious emails unless you have an “S/MIME” compliant email client and can view and open that digital icon.

LOOKING FOR SUCKERS

The phishermen are out there and still looking for suckers. Based on the rise in reported incidents they are still finding them. Armed with a little knowledge and a healthy awareness, you won’t end up in their “game bag”.

You definitely don’t want that…because the next stop is the frying pan.

John Young is a writer with a scientific and programming background interested in Informational Marketing, Alternative Medicine, Computer Software and Pets. At the age of 62 he has four grown children and 13 grandchildren. He lives in California.
Full Author Profile -->

PRINT THIS

 

DEPARTMENTS
Launch

Feature Story:

The Myth Of Being Your Own Boss
Managing Without Mom

Feature Story:

How To Reframe For Success

R E C E N T   S T O R I E S

Building Castles Made Of Sand

How To Make Communications Technology Work For You

Ten Strategies For Client Retention

Whose Corporate Website Is It, Anyway?

How To Use Bartering To Gain An Advantage Over Your Competition

Business Credit
The Layperson's Crash Course in Business Credit
Street-Smart Financing
How to Start or Expand Your Business with Street-Smart Financing
Attract the Perfect Investor
How to Attract the Perfect Investor for Your Business
Federal Help For Your Business
How to Obtain Local, State and Federal Help For Your Business

 

 

InsiderReports

Home  | Affiliate Login  | Search  | Advertise  | Classifieds  | Contact Us  | About Us  | Index
 
The Horizons Unlimited Group

Copyright © 1996-2009 Horizons Unlimited Group. All Rights Reserved.     Privacy Policy | Terms of Use
 

Click to verify BBB accreditation and to see a BBB report.