The web design blog

Gone phishing

After the high-profile phishing attacks on Hotmail, Gmail and Yahoo! Mail this week, the strongest message yet to internet users is that they need to be more vigilant than ever when shopping and managing their personal data online.

Even if you were one of the lucky ones whose account wasn't compromised, there are steps you should take to ensure it doesn't happen.

What is phishing?

Phishing is the criminal process of stealing someone's personal data online. This data tends to be credit card details, usernames and passwords. In this week's case, a bunch of fake versions of websites were created, asking users to enter their log-in details (which were then stored to be used on the real sites later).

The most common way to find yourself on a phishing site is by clicking a dodgy link in an email. However, if you have downloaded spyware you may find yourself with a range of problems, including:

  • DNS pharming - this is where your HOSTS file is hacked so that your browser is hijacked and redirected to a phishing site
  • Key-logging - this is where everything you type on your keyboard is logged and accessed by the data snatchers at a later date

If you think you've fallen for a phishing scam

  • If you've entered your log-in details into a fake site, then you should change your password immediately
  • If you've paid for a product on what appears to be a fake site, then you should contact your bank immediately. They will be able to tell you more about the payment. If the purchased product doesn't materialise then you should consider cancelling the card you used for payment

Steps to take to avoid phishing scams

  1. Keep your email address private. There's less chance of getting caught out in a phishing scam if the data snatchers don't know your email address
  2. Be wary of file-sharing services. If you download files (illegal or otherwise) from peer-to-peer networks, like eMule and Kazaa, then you run a very high risk of downloading a virus (like a key-logger). Once you give a virus access to your computer you could be in big trouble
  3. Keep passwords unique. Don't use the same password for all your accounts. If one account is compromised, then all your accounts could be compromised. If you have trouble remembering all your passwords then use a password manager like KeePass
  4. Check every link before you click. Learn to become wary of every link you click, especially links in emails. Check where a link goes by looking at the location in the taskbar (that's the strip along the bottom of your web browser - see image below).

    [Image: a link in the taskbar]

    It's very easy for fraudsters to send you an email that looks like it came from your bank or some other official business. Whatever you do, make sure you treat all emails with the highest scepticism. Be particularly wary if you are asked to divulge your bank details or told to log in to a website
  5. Check for secure pages. When purchasing goods online, make sure the page is fully encrypted. Look for the padlock and make sure the URL begins with https://
  6. Upgrade your software. Make sure you are using the latest versions of your web browser (we recommend Firefox) and have all the latest patches for your operating system (see Windows Update if you use a PC)
  7. Use AntiVirus software. There's plenty of top-quality, free software out there like AVG (incorporating their useful LinkScanner software), Avast, Microsoft Security Essentials and CCleaner. Also, make sure you have a firewall, like ZoneAlarm or Comodo, installed
  8. Alexa Rank. Using the SearchStatus Add-on for Firefox you can check what a website's Alexa Rank is (it appears in the taskbar of your web browser - see image below).

    [Image: Alexa Rank via the SearchStatus Firefox Add-on]

    This will help you work out if the website is legitimate or not. The smaller the Alexa Rank the more popular the page is, e.g. Gmail has an Alexa Rank of 1 while Hotmail is ranked 5


posted by Blair Millen in the category: security
