Features
login
| |||||||
Phishing, by J. R. Hartley
Phishing (pronounced fishing) has become a major problem for internet users. A few years ago it was easy to spot bogus requests that arrived in ones In-Tray:
Plese click heer to updat yor accont detales
but modern Phishing scams are much more sophisticated with the standard of English regularly exceeding the abilities of most Aldbourne Teenagers. For those readers that think they can already spot a phisherman at work you may wish to skip to the end or click here to find an interesting little test. Everyone else please read on and I'll try and give you a few pointers to help you avoid those hooks, lines and sinkers.
Rule number One:
All emails are guilty until proven innocent.
Rule number two:
Obey all the rules
Sounds simple doesn't it? However most people fail to apply rule two and hence fall foul of rule one. When an email arrives ask your self the following questions:
1) Do I personally know the individual sending it? (Yes/No)
2) Was this email solicited (Yes/No)
3) Is it unimportant (Yes/No)
If you can answer No to all three questions then treat it with caution and you'll be a long way towards living a phishing (and virus) free existance.
"Okay", I hear you say, " but what about some practical guidance?".
Most browser security is dependent on the domain name; that is the part of the web address between the "http://" and before the first '/'. All valid domain names must have at least one '.' in them (the www bit at the start doesn't need to be there - if its not the browser will assume you mean www).
http://aldbourne is not valid
but
http://www.aldbourne.org.uk and http://aldbourne.org.uk mean the same thing.
The www bit is called the Primary Domain, but you can have other letters here in which case they are called sub-domains. Web sites often use these to logically group the content of their site. So
http://www.aldbourne.org.uk is the main site
http://chat.aldbourne.org.uk is the forum.
both owned by the web site group. No one else can buy or create a domain that ends aldbourne.org.uk. Browser security assumes the domain name is proof of authenticity.
If you receive an email proclaiming to be from your bank, but the link does not have the banks proper domain, then treat it as a phishing scam. Most street smart institutions will only contact you by snail mail (Ed: don't you mean Royal Mail?) if they need some formal action from you.
How are we doing? Here is a little test. Let us assume you have an account with the First Bank of Aldbourne and you know its domain is www.aldbourne-bank.co.uk. Is the following a legitimate domain?
http://www.aldbourne-bank.co.uk@aldbourne-bank.com/reregister.asp
Yes or No ? Tricky isn't it? The catch is that the domain name is everything between the 'http://' and the first '/' so in fact this is a fake address. Any characters other than letters, numbers, '-' or '_' in the domain name should be treated with caution.
If you are not sure what domain a link takes you to you should place your mouse over the link. The domain name will appear in the status bar at the bottom of the browser. Try it by rolling your mouse over this text - what do you see at the bottom of your browser. Alternatively you can use your mouse to 'right click' on the link and select 'properties'. This should also show you the links full URL. The same trick can be used on the page you are viewing to display its origin.
Sometimes images can masquerade as links to fool you but if you use these last two tips you can always reveal their darker purpose.
Okay, are you ready for a test? Click here and have a go and see if you get caught out.. Don't worry if you don't spot the bona-fide sites, as long as you spot all the fake sites then you have done well. (ps, Did you check my link before running the test? What did you see?)
I hope you have found these tips useful. Remember that the only person that can truly protect you from harm is yourself and in cyberspace suspicion is a virtue.