<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d5879416\x26blogName\x3dThe+J+Spotter\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dSILVER\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://jangelo.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://jangelo.blogspot.com/\x26vt\x3d4250975589262786883', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe", messageHandlersFilter: gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER, messageHandlers: { 'blogger-ping': function() {} } }); } }); </script>

The J Spotter

Personal insights from the J Spot author J. Angelo Racoma
( this site has moved to http://jangelo.racoma.net )

The J Spotter » Loose Wire: Tips against Phishing

Loose Wire: Tips against Phishing

Jeremy Wagstaff writes (again) on phishing. He cites some tips against phishing put together by Daniel McNamara of Code Fish Spam Watch, whom he considers the "Anti-Phisher King."

Webopedia.com defines phishing as:

(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
...
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.


While Filipinos are not as likely to divulge sensitive information that may be useful to Phishers aside from passwords (i.e. bank details, or rather bank details to accounts that are well-funded), I have read about bad experiences of some Pinoys with Phishing emails. Okay, actually, I had been victim to such an attack myself (involving a Yahoo account), but that was eons ago.

In the end, it's best to scrutinize such emails even if they look official or from the source they claim. There are obvious signs that an message intends to phish, such as the target URL, the sensitivity of the information required, and spelling/grammatical errors in the text.

Some tips I'd like to add:

  • Turn on your browser's status bar (click view--status bar). This way, if reading email via web, you can easily check the target URL of a link by hovering your mouse cursor over it. Hence, you can more or less determine if the page will lead you to an official website when you click a link. For instance, some phishing messages claim to have come from Citibank, but have "www.citibank.com.xxxxxxx (replace xxxxxxx with your favorite top-level domain), but the URL is clearly not that of Citibank's website. Sometimes, the target is legit, but the codes will send your information somewhere else!

  • Turn on your file manager/explorer's extension-viewing capabilities. I don't understand why, by default, newer versions of Windows (i.e. XP) have this feature turned off by default. With this, you can easily see the file type of an attachment, and thus you can pinpoint what types of files you should avoid (EXE, COM, CMD, BAT, PIF, SCR, and some document files that may contain malicious macro code).


Some tips to consider to avoid being victimized by such phishing expeditions as posted in Loose Wire:

User Tips

Standard Phishing Emails

  1. Just remember that NO bank will ever, ever ask you to confirm details via email. If a bank seriously needs you to confirm information they will always require your physical presence or at the very least by phone.

  2. Banks never need you to confirm your password or PIN. They run the systems and if they ever run into problems with these it's much simpler for them to scrub the current records and replace them with new ones.

  3. They tend to be pretty un-imaginative using the same wording over and over again. Have a read through some previous phisher emails and you'll soon spot some common patterns.

  4. There's always the obvious clue that the bank that requires you to confirm your details is not one you actually bank with.

  5. Ebay/Paypal Scams - Just like the banks these guys never need you to confirm your details. They do control the systems so it's far easier for them to reset the information than to get the client to verify it.

  6. Remember this simple fact. The emails claim that due to whatever issue you need to verify your details. A quick bit of common sense shows that if they've screwed up the data they have what exactly are they going to verify against?

  7. The emails always threaten account closure if you don't comply. If a bank was seriously considering closing your bank account that would almost certainly contact you in writing (via good old snail mail) or over the phone.


Job Scams

  1. Remember these jobs scams don't just arrive via email. There have been cases of the phishers inserting these jobs into real job sites. The job sites generally do a good job of scrubbing these fraudulent job listings but occasionally they will miss one or two.

  2. Job scams are sometimes sent out via broadcast ICQ/MSN messages. If you receive an email from someone you do not know offering you a job, particularly if it offers large amount of income for very little work, treat it with extreme suspicion.

  3. Any job that offers you to make thousands a week is automatically suspect. No legitimate job (other than that of a CEO) will ever pull that sort of cash.

  4. The jobs scams almost always claim they are a European company have troubles doing overseas money transfer. This is ridiculous. Todays financial systems allow for businesses to transfer money anywhere they want in the world without resorting to wiring services such as Western Union.

  5. A "job" that pays by percentage kept from a money transfer is not legal from a tax point of Remember in the real world the employer needs to pay the appropriate amount of payroll tax. The way the jobs scams operate falls outside of this area.


Trojan Lure Emails

  1. These emails are almost always designed to get an emotional not rational response. As such the will claim things like your credit card has been charged, there is some form of huge natural disaster/terrorist attack or some of other story designed to make people click on the link out of fear or curosity.

  2. Some lure pretend to be questsions from eBay or PayPal people. Most of the time these emails looking slightly out of place


General Tips

  • By cynical. Seriously. The way the internet is today end users no longer have much of a choice but to approach anything they are presented with on the web/email as highly suspect until you feel you have enough hard evidence to prove it.

  • Keep your windows machines up to date. Yes even if you are on dial up. The time you spend now could save you from a very expense headace down the road. Make sure you run Windows Update at least once a month.

  • Use anti-virus. Doesn't really matter which one you use as long as you actually keep it up to date. All current anti-virus systems are simply signature based checkers and can only check for trojans they actually know about.

  • DON'T treat anti-virus and firewalls as the magic bullet for this problem. Despite what many companies will try and sell you there is NO all in one cure for this. There is always a way around firewalls, there is always some lag time between the time a new trojan is released and when the anti-virus companies update their signatures. Having said this you should still use these products because most of the time they will help save you.

  • If you receive an email you're unsure about ask the place is supposedly from. It's worth it just to double check it now than pay the price in the future.

  • If you come across an email you know to be fraudulent try and make steps to inform the bank/company involved. Most major ones these days have a facility to do this now.

  • If you have become embroiled in one of the money laundering job scams you need to cease contact with the scammers. Don't send them emails saying you've found them to be a scam and don't respond to their inquiries. Then contact your bank's anti-fraud department. Depending on the level of service of your bank's helpdesk this may take a little work but once you get through to the anti-fraud department you should find it is staffed by competent and understanding people who will work with the police in order track the stolen money. Be aware this process may result in your account being frozen for a few days while this happens. Better this than potentially being charged with aiding and abetting fraud.

  • If you have been involved in a job scam like the ones we've seen to date do not try and hold onto the money from the "job". Remember some that money has been stolen from some other person's account and you have no more right to it than that of the scum that stole it in the first place.

| Previous item: SAGIP-BUHAY INFANTA »
| Previous item: ISAW: Why are malicious hackers succeeding? »
| Previous item: NEDA budget's approval deferred »
| Previous item: Slashdot: Firefox Users Bad For Advertisers »
| Previous item: Population Management - Are we up to it? »
| Previous item: Tandang Sora Flyover to be closed? »
| Previous item: Yahoo! News - Exploding Cell Phones a Growing Problem »
| Previous item: Politics and Long-Term Development »
| Previous item: Gizmodo : Retro Phones at Retrofone »


I get Trojan Lure email but they never get anything from me. I wish people will think!

Posted by Blogger Ardythe Santos on Thursday, December 16, 2004 1:39:00 PM  



» Post a Comment