Sunday, July 6, 2008

Beefing up your Phishing net

Beefing up your Phishing net: "

Filed under:

Phishers -- in their sinister attempts to bilk you out of your time, money, and personal information with bogus emails -- are becoming more and more clever. Luckily, with a little critical thinking and up-to-date software, you can keep yourself safe.


Typically, to avoid falling victim to phishing, check the URL that the email is asking you to click. Does it look right? One popular façade for phishing attempts is PayPal, and there's a new technique that makes it look like the request is coming, securely, from paypal.com. For the technical among us, it exploits a flaw in one of PayPal's screens that allows a phisher to include a redirect URL in an address that begins with https://www.paypal.com. Sneaky. Thankfully, Firefox blocks it on the rebound.


Also, emails that ask you to verify or enter account information (that you've already entered) have a high degree of poopiness about them. Reader Allan noted that because Apple is in the process of switching people to Mobile Me, some phishers are using the confusion to send people emails asking them to enter new billing information for the new service. That, of course, isn't necessary, and if you get that kind of email, you should delete it.


Another good way to protect yourself is to use an up-to-date browser. Firefox includes protection against known phishing sites, and warns you about them before letting you proceed. Safari, currently, does not, but 1Password does, and it works seamlessly with Safari. Installing one of these options is especially important for parents and grandparents that may not be as familiar with these attacks as their kids.


Lastly, there's a great overview at macphishingprotection.com, which notes, 'Phishers win even if you make only one mistake.' Truer words never spoken.


Thanks, Allan, Fernando and Aviv for the heads-up!

Read'|'Permalink'|'Email this'|'Comments




"



(Via The Unofficial Apple Weblog (TUAW).)

No comments: