Monday, May 9, 2011

phishing.....not like the good ol days...

it's common knowledge these days that e-mails can contain viruses or other harmful things in them. are you aware that some e-mails are sent as a way to gain personal information about you, such as account numbers, credit card numbers, and other identity threats? e-mail boxes have long been the victim of spam e-mail (i seem to have 50 to 200+ spam e-mails in my junk folder every time i log in), but with the ever growing "phishing" attempts, even e-mails you think look reputable, can be riddled with harm. are you as e-mail smart as you think? below is a link to a test to your ability to identify legitimate e-mails and ones that are fake. my boyfriend was sent this link by his college professor for one of his cyber crime classes. he took it, and though he aced it, he said overlooking little things could have easily made him answer wrong. he then proceeded to have me take it, which i too aced (thank goodness i have such an amazing teacher teaching me about all this!). but how do you do? i encourage you to take it first, and then read on with the rest of my blog. test your basic knowledge first, and then come back and i'll explain! ready set go! -->Phishing Test! <--

soooooo... how'd ya do?...... don't feel bad if you got some, or a lot, wrong. there was someone in his class that got 1/10 correct... majority of his class missed 3.. only one other aced it. and these are people majoring in this stuff!!! so don't feel bad. pick yourself back up and lets put a stop to this, shall we? we must not let these phishers conquer us *fist shake*! here are some tips on how you can become a smarter and safer e-mail user.

first off... i keep saying this word... phishing... what is it you inquire? it is any attempt to steal or trick a person into giving up personal information, usually by e-mail (lets keep in mind, this can be used on websites as well, but i'm going to talk mostly about e-mail for this post).  it poses as something legitimate to get you to give up your information to *dun dun dun*... 'the malicious ones'... without you even knowing you gave it up willingly.

the 3 things you should check with every e-mail you should open.
1.) who is it from, and what is the sender's e-mail address
2.) what does the e-mail say
3.) are there attachments and/or links

so lets explain those all in more detail.

1.) who is it from? do you know this person? is it an e-mail you were expecting or is it unsolicited? i tend to have the rule, if i don't know who it is, i don't even bother opening it. it goes straight to the trash folder. but sometimes you're unsure. if it is from a company, they will never use a free email service such as yahoo, hotmail or gmail. so there is your first clue of someone attempting to trick you. if the e-mail is from, say,, it's soooooo not legit. don't trust it. even your friends' e-mails can become compromised though, and send you malicious things under their name, so you always need to be cautious.

2.) what is the e-mail about? are they saying something is wrong with an account you have? or you need to verify personal information with them? how are they asking you to do this? if it says "click on this link and fill out your info so we can confirm" don't do it! i'll explain more about that in section 3 though. are they asking you to call this 1-800 number of theirs to confirm your info? eh.. double check the number first. check the number on your card or statement to make sure it is the companies real number. are they asking you to do anything at all from this e-mail they sent you? be cautious. if a reputable website does need you to verify something, they will never do it over e-mail. they will tell you to log into their website (which you should type in yourself) and make the necessary changes from there. a reputable company will also have things spelled correctly. if the message is full of typo's, you know "tmo's" are up to no good.

3.) i'll start by saying this... rarely should you trust links in an e-mail. you should get in the habit of not even clicking on them. "tmo's" are very good at hiding evil things in their links. one second you're reading an e-mail warning you there is a problem with your bank account being compromised and that you need to log in to their website following such and such link to sort the matter out, then...... aaaahhhhhhhhhhhhhhh... you've been duped! nothing was actually wrong with your account! they got the information they wanted as you tried to "fix" it! so we need to learn what links are safe, and which ones we should ward off like a non sparkly vampire.

lets talk about secure websites to get our basics. have you noticed that when you log into a website that stores personal information about you, such as banking websites, credit card websites, you cellphone carrier website, etc, that up in the address bar, the link starts with https://?  that "s" at the end of the normal http stands for "secure". secured from what you ask? from people viewing your stuff! ok, so that's not a good enough explanation is it, so lets take a little technical detour for a moment. i promise, this won't be dan technical, afterall, this is layneman's terms, so follow me on this. when you enter something, such as log in information into a website, it needs to send that info back to the webserver. during that process, your info takes a journey. now, if you're not using an https website, that info is sent 'as is', unprotected, for "tmo's" to intercept. however, if the website you are using IS an https website, the info you send is encrypted, meaning it scrambles itself so the information can't be viewed, much like the chocolate bar scene from willy wonka. so, https = very good when entering personal information you don't want others to see.

ok, out of technical land, and back to stomping out the bad guys and learning which e-mails to trust. 

often times, when phishing e-mails give a link to follow, you won't see that https. so that could be your first clue that you could be looking at a fraudulent e-mail. (though the lack of an https website doesn't necessarily mean the website is bad, but that is for another blog post)  but i already said you should make habit of not clicking on links in e-mails, didn't i!? so you weren't going to click it anyway were you? gooood! you should still know the difference from a real link and a malicious one though. now, i want you to try something for me.. scroll back up to the top of the post and put your mouse over top of my "phishing test" link. don't click on it again... just let the pointer hover over top of it. you'll notice, in the bottom left corner of your browser the web address of that link will be displayed there. that is where all your clues are my friends! make sure you check that before you click on annnnything! is the https there if you're supposedly being transferred to a site where you'll need to type in personal information? does the link in the left corner match up with the link they said in the e-mail? even one letter change can mean you're going to a site that can cause harm. are you even going to a site that remotely deals with what the e-mail said? or are you thinking you're going to your bank login, but the link provided is sending you to ""? be careful of what you click on! using my "phishing test" link again as reference, you'll notice that i could type in what i wanted instead of putting what the link is. i could write anything there! if you didn't check the lower left corner, you wouldn't even know until it was too late! something that says "click here" to review your account info, could really be covering up the fact that they're sending you to "". always check the lower left corner people!

now, this should be common sense, but never EVER ever ever ever, download an attachment from someone you don't know. and unless you were expecting said attachment from someone.. be cautious. i cannot tell you how easy it is for someone to break into your computer remotely if you click on something bad. i've witnessed it myself, (under a controlled setting of course.. for learning purposes only.) but again... that's another blog post for another day.

when in doubt, don't click. companies know scams like this are out there, so they will never ask you to follow a link from an e-mail and enter personal information. always type in the address of the website you know you can trust, and log in from there. don't be lazy people! this is your identity we're talking about!

whew.... that was long, but hopefully informative! any questions, feel free to leave in the comments, as well as your test scores!

No comments:

Post a Comment