Friday, August 12, 2005

Help Prevent Phishing Attacks

If the idea of identity theft scares you, you're justified in your concern. It seems like everyday, new types of 'phishing attacks' are being created. If you don't know what phishing attacks are, I will try to explain.

This is when someone tries to trick you in to revealing your personal information (such as passwords, social security numbers, and more), this is known as a phishing attack. They generally do this by sending you forged emails from legitimate companies that you trust (like: B of A, Citibank, eBay, etc.). These email contain links to a phony web site that looks legitimate. Then when you go to the phony web site, it will ask you to 'verify' your information by requesting you to enter your credit card, social security numbers, user accounts and password, etc.

Unfortunately, there is no easy way to detect phishing web sites, and they're increasing in their sophistication all the time. Right now, one of the few semi-reliable tools for fighting back against these attacks, are programs that validate the IP address of the web site you're visiting.

There is a tool from a U.K. company called Netcraft, which has created a free browser plug-in called the 'Netcraft Toolbar' (now available for Internet Explorer and Firefox). Netcraft has compiled a list of known phishing sites from user input (which comes from the toolbar), and its own data.

When using the toolbar, users are encouraged to report phishing sites that they find. Then, If you attempt to visit a known phishing site, the toolbar will block it and warn you. Other web sites have 'risk ratings' assigned to them, this rating is based on technical factors in the page that may be typical of a phishing web site.

No comments: