Thursday, September 25, 2008

Phishing

In this segment, we'll look at a topic related to online identity theft. From time to time you may receive legitimate emails from your bank. However, people called phishers sometimes send email that masquerades as a message from a legitimate financial institution. The name is an obvious play on "fishing," which indicates the style of theft that occurs. Let's take a look at a couple of examples.



In this first example, the message appears to be a legitimate email from the security department at Bank of America. It requests that you log in to a specified site and provide information about your account. In the last line of the first paragraph there is a misspelled word, "submin," which should have been "submit." An official Bank of America communication would, at a minimum, have been spell-checked. Another key sign is the address shown in the bottom left corner, which is nothing like Bank of America's web address; it was found by hovering over the link instead of clicking on it. A user who goes to this site and provides the requested information would likely have any money in the account wiped out.


In the second example, everything looks legitimate, including the web address. However, the other email addresses in the To: line look very much like a batch of auto-generated addresses. Phishers use software to generate email addresses automatically, hoping that some of them match an address actually in use. They sometimes also use bots that browse the web, capture any email address that shows up online, and use it when sending out this phishing spam.
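The two signs from these examples (a link whose real destination differs from what is shown, and a To: line full of strangers' addresses) can also be checked mechanically. The following is an added example, not part of the original post; the sample message, every `.example` domain, the function names and the recipient threshold are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the email from the post); every domain is a placeholder.
SAMPLE = """\
From: "Bank Security" <security@bank.example>
To: a1@mail.example, a2@mail.example, a3@mail.example, a4@mail.example
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<p>Please sign in and submit your details:
<a href="http://login.unrelated-host.example/update">https://www.bank.example/signin</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Hostname of a URL; tolerates text written without a scheme."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw, expected_domain, max_recipients=3):
    """Return the warning signs described in the post that this message shows."""
    msg, parser, signs = message_from_string(raw), LinkCollector(), []
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        h = host(href)
        if h and h != expected_domain and not h.endswith("." + expected_domain):
            signs.append(f"link goes to {h} but is shown as '{text}'")
    recipients = getaddresses(msg.get_all("To", []))
    if len(recipients) > max_recipients:
        signs.append(f"{len(recipients)} addresses in the To: line")
    return signs
```

Calling `phishing_signs(SAMPLE, "bank.example")` reports both signs for the constructed message; a message whose links stay on the expected domain and that is addressed to one recipient returns an empty list.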

Be very cautious any time you receive an email from a financial institution, especially if it requests your personally identifiable information. A legitimate institution will not ask for this information over the insecure medium of email. When logging into a bank's website, always type the web address in yourself rather than following a link in an email. This helps ensure that you are at the actual bank's website and not a fraudulent site masquerading as a legitimate one.
