Help in foiling phishers (from the 12/17/04 issue of Net Family News)
Have you gotten an email from PayPal, eBay, Citibank, or even your own bank lately? Did it say something unnerving about a certain amount having been removed from your account, or you can't use your account until you update it - "click here to update"? Chances are, it's a phishing scam.
The number of phishing emails that have been intercepted by MessageLabs (a large email security company serving businesses) increased 10-fold this past year - from 337,000 in January to 4.5 million last month, reported ZDNET UK.
Which means a growing number have been arriving in our families' PC in-box(es). The new news on this affects families even more: Now we and our Web-researcher kids can stumble on phishing sites just by using Google and other search engines, CNET reports. Phishers are "setting up legitimate looking e-commerce sites that disguise links to malicious software as pictures of goods on sale." You might see an instruction like, "Click here to download a picture" of the product, cartoon character, person, etc., and you'd be downloading malicious software that might log keystrokes (when typing in a password or credit card or social security number) or take control of your computer.
Fortunately, anti-phishing software products are emerging. I recently interviewed Jeffrey Hellman, president of the company that makes a simple anti-phishing toolbar called FraudEliminator that's free. [Please note: We spotlight online-safety options for readers when they're timely but do not have the resources to test software properly.]
One of the things I like most about this one is that, as Jeff put it, FraudEliminator's designer "set out to design a product that would keep his grandmother safe." Using it is not rocket science, it's perfect for the not-so-tech-literate or anybody who worries about online privacy or (like of all us) is tempted to click when email says someone's been accessing their bank account and they need to verify their ID!
If you do click to "PayPal" or whatever, a big warning box pops up and tells you it's actually a suspicious site based in Korea or Vanuatu (you choose whether or not to continue on to that site). The warning can be annoying, too, but the pluses might outpace the minuses when young Web researchers start clicking on faux "images" and downloading malicious software in sites they found in a search engine.
The toolbar on your PC "talks" to the FraudEliminator server, which updates its black list of scam sites every 15 minutes. How it "knows" a site's fraudulent and updates the black list is pretty interesting, but I won't bore you with too much detail. First, it uses artificial intelligence, the company says, to "recognize" key words and phrases that suggest fraud. It can also tell if the site you're clicking to is a real domain name (like Citibank.com) or an IP address (a bunch of numbers); phishers' sites' addresses are more likely to be numbers only (an IP address is cheaper and quicker to be put up and abandoned). When a suspicious site is detected, a report goes from your PC to FraudEliminator headquarters. FE also has various "honeypot" email addresses scattered around the world, attracting spam and phishing emails, Jeff Hellman said. "In these honeypot accounts, we regularly receive up to dozens of phishing scams on a daily basis. These are reviewed and blacklisted" for the next update on users' PCs. FraudEliminator is not the only anti-phishing tool (see the links below for others) and it's probably not for the truly tech-savvy, but it's available, free, and easy to use - not much downside for families of varying age levels and degrees of tech expertise.
Further phishing news
- Other tools. A new browser called DeepNet Explorer (based on Internet Explorer) has anti-phishing detection and blocks a new kind of pop-up ad that evades pop-up blockers, CNET reports. Here's what it looks like (not wholly unlike FraudEliminator). Other anti-phishing tools and services include Phish Net and CloudMark SafetyBar (only works with Outlook and protects against phishing emails) and free protection provided by some Internet Service providers and eBay. "Companies that offer anti-phishing products include EarthLink, Webroot Software and PostX," ZDNET UK reported last summer. "Microsoft and Yahoo are also working on such programs." More certainly are in the works, but the free-FraudEliminator-toolbar concept makes the most sense to me so far.
- How to spot phish. In a 12/7 entry of his blog, ZDNET's Brian Cooley tells exactly how to spot these online scams: "Just hover your mouse over the link in the e-mail. After a second or two, your browser or email software will pop up a little balloon that will show you the real link you'd be clicking. It will be patently bogus. For example, [an email] supposedly from Washington Mutual Bank asking me to update my account (which doesn't exist) via this link: https://login.personal.wamu.com/logon/logon.asp?dd=1. It actually goes to: http://washington02.netfirms.com/login.personal.wamu.com/internetBanking.secureApp/. [Netfirms.com] is where you'll be taken if you click ... a company that hosts small Web sites and, apparently, criminals as well. The next part in italics looks legit but is just window dressing ... not a link to Washington Mutual at all."
- Anti-phish groups. Solid information on phishing can be found at the Anti-Phishing Working Group's site. And a new anti-phishing alliance, Digital PhishNet, launched last week, ComputerWorld reported. Among its members: Microsoft, America Online, VeriSign, EarthLink, the FBI, US Secret Service and Postal Inspection Service, and "9 of the top 10 US banks and financial service companies."
- Latest scam: Phishers changing the content of a pop-up window in a legitimate banking site to malicious content that captures personal info you type in, thinking it's your bank site's own pop-up - ZDNET reports. (FraudEliminator's Jeff Hellman says FE catches exploits like this.)
- Latest data: The number of phishing sites "associated with online identity theft scams" grew by 33% last month, PCWorld reported Wednesday. The most common pretended to be eBay and Citibank.
HOME | newsletter | subscribe | links | supporters | about | feedback