Phishing Scams. And that would be up to you, the user, to not fall for it. So I'll be going through steps to avoid falling for phishing scams and trojans.
So, first off, what's a Phishing Scam?
It's a scam generally sent by email that takes the appearance of something from a generally well known company, that seeks out to gain your personal info. It generally involves email, but sometimes stuff like Facebook too. For example, you can get an email that looks like it's from Apple. It'll say something along the lines of "we're doing security checks and need to make sure that your information is correct", followed by asking for crazy things like your email address, Apple ID and password, credit card number, etc . At the point that you see an email asking for your credit card number, it should be obvious there's something wrong. A Trojan Horse is similar. While a Phishing Scam is simply a trick to ask for personal information, a Trojan Horse is a piece of software that looks legitimate, but functions like a virus or a worm. An example of a trojan is Antivirus 2010 (Which isn't actually Antivirus software. If anything, it's anti-antivirus software.) or whatever generic name it wants to use this week. Also, Phishing over the phone is called Vishing.
Good to know. Now that you've explained that, what should I know to avoid it or to deal with it?
1) Do you really care? If what you're looking at doesn't interest you, you won't click it and therefore don't have anything to worry about.
2) Hover your mouse pointer over the link. At the bottom of the screen, you'll see the URL (the address) that the hyperlink you're hovering over will take you to. If it looks nothing like the website you expect it to, don't click on it.
3) If you suddenly get emails from people who you haven't spoken to in a while that tell you a site where you can get a free iPod, something is fishy.
4) I don't know if this is some crazy coincidence, but whenever I get spam, it generally haz no good grammer and splelling errorz. It's immediately obvious when it appears to be from someone that you know who has good spelling and grammar.
5) If you're still not convinced that it's spam, right click on the link to "Copy Link Location", and paste it in a Google (or Bing or Yahoo) search.
6) Check your spam/junk folder. If you're lucky, it went in the spam folder. Although sometimes legit emails do show up in there, so check your spam folder when you see something new show up.
7) If you get a spam email from one of your friends, tell them to change their password. It's best to take it safe and change the password since you never know when some random person has their password. I mean, if they were able to send spam to everyone in your friend's contact list, then they had to get access to the list somehow.
8) Web browsers generally have a phishing filter to block sites. For example, if you click the link I posted at the top of the post, it'll take you to Firefox's phishing test page. If you're using Firefox, then it'll block that page telling you that the page is trying to steal your identity. Although in this case, it's okay to click ignore and view the page because it's not actually harmful. I think Thunderbird also uses the same filter. I'd assume most email clients like Outlook Express (replaced by Windows Live Mail), Windows Mail (also replaced by Windows Live Mail), Windows Live Mail, Microsoft Outlook, Apple Mail, and other web browsers have similar filters, but I'm not sure since I don't use them.
Some examples
"Google Translate"
If you go to googletranslate.com (the real address for Google Translate is translate.google.com or google.com/translate , both work) it's not actually Google Translate. It's a site that's designed similar to Google that asks you to fill out a survey. In fact, let's look at the address that it redirects to.
Now, upon looking at this, one might assume that this is normal, since it says googletranslate.com .
But when looking for the top-level domain (the .com, .ca, .net, .org, .info, etc.), you see that the domain isn't googletranslate.com, but actually social2survey.info . It just has a whole bunch of subdomains preceeding the domain name to make it look like a normal Google owned website.
An example of Facebook spam
Facebook also has spam. Here's a spam message that got posted on my wall today.
 |
| I cropped out the person's name and profile picture. |
Another thing that makes this fishy is that when I hovered on the fourth link in the pic that says CLICK 2 SEE YOUR STALKERS (there's normally no fourth option), it showed a URL that wasn't Facebook related whatsoever.
When I went to this person's profile, I saw a so and so likes "see who can view your profile" message. I took my chances and clicked on it. Well, whereas most Facebook applications simply tell you which info it requires access to and whether or not you agree (insert South Park quote here), this page had a 3 step process. First, you needed to click "Like" at the top, then you needed to copy some JavaScript text that they showed, then you needed to paste it into the address bar and press enter. That's a pretty stupid way to install a Facebook application. Really.
In fact, that wasn't even a Facebook application page. It was just a page someone created.
Anyway, like before, tell them to change their Facebook password, just incase.
Other stuff
This isn't entirely related, but I still thought I should mention it. Windows Vista introduced a new feature to Windows called User Account Control. What this does is pop up a dialog box when the program you want to use requires administrative privileges. For example...
If you're trying to view some pictures and User Account Control comes up, then you should know there's a problem because pictures aren't supposed to make changes to the computer. Similarly, Mac OS X and Linux sometimes ask for you to type in your password, although it's pretty rare. It's usually only when installing applications or when you run some of the system utilities.
If you decide to disable UAC or run Windows without an Antivirus, then I at least hope that you know what you're doing.
NOTE: My previous blog post is at this page, since the link at the top of the post obviously didn't go there.
UPDATE - Tuesday, August 16th, 2011 9:49PM: Earlier in this post, one of the things that I suggested was to look at the address bar and make sure that the domain (website) name is what it should be and not something else. Google Chrome has highlighted the domain name since... well, since the first version was released as a beta in September 2008, but their first stable release (1.0) was in December 2008. Chrome does it slightly different than the rest, it also highlights the subdomain (the itnerd510 part). Internet Explorer has done it since the release of IE8 in March 2009. Opera has done it since the release of Opera 11.00 in December 2010. And now Firefox 6.0 does it with its release just a few hours ago. So at this point, 4 out of the 5 major web browsers highlight the domain in the address bar (the 5th being Safari).
No comments:
Post a Comment